Skip to content

SolarWinds Releases Patches for Vulnerabilities - 20240219001

Overview

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.

What is vulnerable?

Product(s) Affected Summary Severity CVSS
SolarWinds Access Rights Manager (ARM) 2023.2.2 CVE-2024-23476 Critical 9.6
SolarWinds Access Rights Manager (ARM) 2023.2.2 CVE-2024-23479 Critical 9.6
SolarWinds Access Rights Manager (ARM) 2023.2.2 CVE-2023-40057 Critical 9.0
SolarWinds Access Rights Manager (ARM) 2023.2.2 CVE-2024-23478 High 8.0
SolarWinds Access Rights Manager (ARM) 2023.2.2 CVE-2024-23477 High 7.9

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):

Additional References