First published: Thu Feb 15 2024(Updated: )
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
Credit: psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Access Rights Manager | <2023.2.3 | |
SolarWinds Access Rights Manager | =2023.2.3 | |
JetBrains TeamCity | ||
SonicWall Next-Generation Firewalls | ||
Perforce Helix Core |
All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.3
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-23479 is considered a critical vulnerability due to its potential for Remote Code Execution.
To fix CVE-2024-23479, update SolarWinds Access Rights Manager to version 2023.2.4 or later.
CVE-2024-23479 affects SolarWinds Access Rights Manager version 2023.2.3 and earlier.
Yes, CVE-2024-23479 can be exploited by an unauthenticated user, allowing for Remote Code Execution.
CVE-2024-23479 is classified as a Directory Traversal Remote Code Execution vulnerability.