cvebase

SolarWinds Access Rights Manager vulnerabilities

32 known vulnerabilities affecting solarwinds/access_rights_manager.

Total CVEs: 32
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 22, MEDIUM 2

Vulnerabilities

Page 2 of 2
CVE-2024-28990 | P3 | HIGH | CVSS 8.8 | fixed in 2024.3.1 | ≥ previous versions, ≤ 2024.3 | 2024-09-12
CVE-2024-28990 [HIGH] CWE-798: SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this an
nvd
CVE-2024-23475 | P3 | HIGH | CVSS 8.8 | ≤ 2023.2.4 | ≥ previous versions, ≤ 2023.2.4 | 2024-07-17
CVE-2024-23475 [HIGH] CWE-22: The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
nvd
CVE-2024-28991 | P3 | HIGH | CVSS 8.0 | fixed in 2024.3.1 | ≥ previous versions, ≤ 2024.3 | 2024-09-12
CVE-2024-28991 [HIGH] CWE-502: SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
nvd
CVE-2024-23474 | P3 | HIGH | CVSS 8.8 | ≤ 2023.2.4 | ≥ previous versions, ≤ 2023.2.4 | 2024-07-17
CVE-2024-23474 [HIGH] CWE-22: The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.
nvd
CVE-2024-23468 | P3 | HIGH | CVSS 8.3 | ≤ 2023.2.4 | ≥ previous versions, ≤ 2023.2.4 | 2024-07-17
CVE-2024-23468 [HIGH] CWE-22: The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
nvd
CVE-2024-28992 | P3 | HIGH | CVSS 8.3 | ≤ 2023.2.4 | ≥ previous versions, ≤ 2023.2.4 | 2024-07-17
CVE-2024-28992 [HIGH] CWE-287: The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
nvd
CVE-2024-28993 | P3 | HIGH | CVSS 8.3 | fixed in 2024.3 | ≥ previous versions, ≤ 2023.2.4 | 2024-07-17
CVE-2024-28993 [HIGH] CWE-22: The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
nvd
CVE-2023-35181 | P3 | HIGH | CVSS 7.8 | ≤ 2023.2.0.73 | ≥ previous versions, ≤ 2023.2.0.73 | 2023-10-19
CVE-2023-35181 [HIGH] CWE-276: The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.
nvd
CVE-2023-35183 | P3 | HIGH | CVSS 7.8 | ≤ 2023.2.0.73 | ≥ previous versions, ≤ 2023.2.0.73 | 2023-10-19
CVE-2023-35183 [HIGH] CWE-276: The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.
nvd
CVE-2021-35227 | P3 | HIGH | CVSS 7.8 | ≤ 2020.2.6 | ≥ 2020.2.6 and previous versions, ≤ 2021.4 | 2021-10-21
CVE-2021-35227 [HIGH] CWE-79: The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.
nvd
CVE-2023-35185 | P3 | MEDIUM | CVSS 6.8 | ≤ 2023.2.0.73 | ≥ previous versions, ≤ 2023.2.0.73 | 2023-10-19
CVE-2023-35185 [MEDIUM] CWE-22: The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
nvd
CVE-2023-40058 | P4 | MEDIUM | CVSS 6.5 | ≤ 2023.2.1 | ≥ previous versions, ≤ 2023.2.1 | 2023-12-21
CVE-2023-40058 [MEDIUM] CWE-200: Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.
nvd