SolarWinds has released security updates to address critical vulnerabilities (CVE-2023-40057, CVE-2024-23476 and CVE-2024-23479) impacting their Access Rights Manager (ARM) product.
The critical vulnerabilities are:
- CVE-2023-40057: Successful exploitation of the input validation vulnerability may allow an authenticated attacker to abuse a SolarWinds service to perform remote code execution
- CVE-2024-23476: Successful exploitation of the directory traversal vulnerability may allow an unauthenticated attacker to perform remote code execution
- CVE-2024-23479: Successful exploitation of the directory traversal vulnerability may allow an unauthenticated attacker to perform remote code execution
The vulnerabilities affect SolarWinds ARM versions 2023.2 and earlier.
Users and administrators of affected product versions are advised to update to the latest version immediately.
More information is available here: