ByteOS Network

CVE Vulnerability Details :

CVE-2024-23472

PUBLISHED

More Info Official Page

Assigner-SolarWinds

Assigner Org ID-49f11609-934d-4621-84e6-e02e032104d6

Published At-17 Jul, 2024 | 14:25

Updated At-01 Aug, 2024 | 23:06

▼CVE Numbering Authority (CNA)

SolarWinds Access Rights Manager Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.

Affected Products

Vendor

SolarWinds Worldwide, LLC.

Product

Access Rights Manager

Default Status

affected

Versions

Affected

From previous versions through 2023.2.4 (2024.3)

Problem Types

Type	CWE ID	Description
CWE	CWE-22	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Type: CWE

CWE ID: CWE-22

Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Metrics

Version	Base score	Base severity	Vector
3.1	9.6	CRITICAL	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Version: 3.1

Base score: 9.6

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Impacts

CAPEC ID	Description
CAPEC-37	CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC-165	CAPEC-165 File Manipulation

CAPEC ID: CAPEC-37

Description: CAPEC-37 Retrieve Embedded Sensitive Data

CAPEC ID: CAPEC-165

Description: CAPEC-165 File Manipulation

Solutions

All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2024.3

Credits

finder

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

References

Hyperlink	Resource
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm	N/A

Hyperlink: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

SolarWinds Worldwide, LLC.

Product

access_rights_manager

CPEs

cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through 2024.3 (custom)

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm	x_transferred

Hyperlink: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm

Resource:

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References