SolarWinds Releases Patches for Access Rights Manager vulnerabilities - 20240219001

Overview

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.

What is vulnerable?

| Product(s) Affected | Summary | Severity | CVSS |
| --- | --- | --- | --- |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23476 | Critical | 9.6 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23479 | Critical | 9.6 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2023-40057 | Critical | 9.0 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23478 | High | 8.0 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23477 | High | 7.9 |

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe (refer to Patch Management):

Additional References