SolarWinds Product Security Update Advisory
Overview
SolarWinds has released updates to fix vulnerabilities in its products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-28074, CVE-2024-23475, CVE-2024-23474, CVE-2024-28993, CVE-2024-28992, CVE-2024-23466, CVE-2024-23472, CVE-2024-23470, CVE-2024-23465, CVE-2024-23468, CVE-2024-23471, CVE-2024-23469, CVE-2024-23467
- SolarWinds Access Rights Manager (ARM) 2024.2 and earlier
Resolved Vulnerabilities
SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability (CVE-2024-28074)
SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23474)
SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability (CVE-2024-23475, CVE-2024-28993, CVE-2024-28992, CVE-2024-23468)
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23466, CVE-2024-23467)
SolarWinds Access Rights Manager Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23472)
Dangerous Method Remote Command Execution Vulnerability in SolarWinds Access Rights Manager (ARM) UserScriptHumster (CVE-2024-23470)
Critical Method Authentication Bypass Vulnerability in SolarWinds Access Rights Manager (ARM) ChangeHumster (CVE-2024-23465)
SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability in ChangeHumster (CVE-2024-23471)
Risky Method Remote Code Execution Vulnerability in SolarWinds Access Rights Manager (CVE-2024-23469)
Vulnerability Patches
Patches for these vulnerabilities were made available in the latest update on July 18, 2024. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-28074, CVE-2024-23475, CVE-2024-23474, CVE-2024-28993, CVE-2024-28992, CVE-2024-23466, CVE-2024-23472, CVE-2024-23470, CVE-2024-23465, CVE-2024-23468, CVE-2024-23471, CVE-2024-23469, CVE-2024-23467
- SolarWinds Access Rights Manager (ARM) version 2024.3
Referenced Sites
[1] CVE-2024-28074 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-28074
[2] CVE-2024-23475 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23475
[3] CVE-2024-23474 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23474
[4] CVE-2024-28993 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-28993
[5] CVE-2024-28992 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-28992
[6] CVE-2024-23466 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23466
[7] CVE-2024-23472 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23472
[8] CVE-2024-23470 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23470
[9] CVE-2024-23465 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23465
[10] CVE-2024-23468 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23468
[11] CVE-2024-23471 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23471
[12] CVE-2024-23469 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23469
[13] CVE-2024-23467 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23467
[14] ARM 2024.3 release notes