SolarWinds Patches Critical Vulnerabilities in Access Rights Manager

19-July-24

SolarWinds has released security updates for Access Rights Manager, addressing 13 vulnerabilities, including eight critical ones that could allow remote code execution and path traversal without authentication. The critical flaws, identified as CVE-2024-23466 through CVE-2024-23475, primarily result from improper input validation and exposed dangerous methods, with CVSS scores up to 10. These vulnerabilities affect versions up to 2023.2.4 and are fixed in version 2024.3. Five additional high-severity issues, which could enable arbitrary file deletion, information disclosure, and domain admin access, were also patched. Users are urged to update to the latest version promptly; more details are available on SolarWinds’ and ZDI’s advisory pages.
