Lucene search
SolarWindsCVE-2024-23475HistoryJul 17, 2024 - 3:15 p.m.
CVE-2024-23475
2024-07-1715:15:13
CWE-22
SolarWinds
web.nvd.nist.gov
27
solarwinds
access rights manager
directory traversal
vulnerability
information disclosure
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.003
Percentile
68.5%
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
Affected configurations
Node
solarwindsaccess_rights_managerRange≤2023.2.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | access_rights_manager | * | cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Access Rights Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "2023.2.4",
"status": "affected",
"version": "previous versions",
"versionType": "2024.3"
}
]
}
]Related
cvelist
cvelist
nvd
nvd
CVE-2024-23475
2024-07-17 15:15:13
vulnrichment
vulnrichment
thn
thn
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
2024-07-19 07:13:00
nessus
nessus
SolarWinds ARM < 24.3 (arm_2024_3)
2024-07-19 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.003
Percentile
68.5%
Related for CVE-2024-23475