SolarWinds Product Security Update Advisory

Overview

 

We have released updates to fix vulnerabilities in SolarWinds products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

SolarWinds Access Rights Manager versions up to and including 2023.2.3

 

Resolved Vulnerabilities

 

Remote code execution vulnerability in SolarWinds Access Rights Manager (CVE-2024-28075)

Authentication bypass vulnerability due to hard-coded credentials in SolarWinds Access Rights Manager (CVE-2024-23473)

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.

SolarWinds Access Rights Manager versions up to and including 2023.2.4

 

Referenced Sites

 

[1] ARM 2023.2.4 release notes

https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm

[2] SolarWinds Access Rights Manager up to 2023.2.3 service deserialization

https://vuldb.com/?id.263671