Lucene search

SolarWindsCVELIST:CVE-2023-40058

HistoryDec 21, 2023 - 4:14 p.m.

CVE-2023-40058 Sensitive Information Disclosure Vulnerability

2023-12-2116:14:48

CWE-200

SolarWinds

www.cve.org

sensitive data

public-facing

knowledgebase

access rights manager

environment

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Access Rights Manager",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2023.2.1",
        "status": "affected",
        "version": "previous versions",
        "versionType": "2023.2.1"
      }
    ]
  }
]

References

www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

Related for CVELIST:CVE-2023-40058