U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:solarwinds:access_rights_manager:2023.2.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2024-23479

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.

Published: February 15, 2024; 4:15:10 PM -0500 		V4.0:(not available)
 V3.1: 9.6 CRITICAL
V2.0:(not available)
CVE-2024-23478

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.

Published: February 15, 2024; 4:15:09 PM -0500 		V4.0:(not available)
 V3.1: 8.0 HIGH
V2.0:(not available)
CVE-2024-23477

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.

Published: February 15, 2024; 4:15:09 PM -0500 		V4.0:(not available)
 V3.1: 9.6 CRITICAL
V2.0:(not available)
CVE-2024-23476

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.

Published: February 15, 2024; 4:15:09 PM -0500 		V4.0:(not available)
 V3.1: 9.6 CRITICAL
V2.0:(not available)
CVE-2023-40057

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

Published: February 15, 2024; 4:15:08 PM -0500 		V4.0:(not available)
 V3.1: 9.0 CRITICAL
V2.0:(not available)
CVE-2023-40058

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

Published: December 21, 2023; 12:15:07 PM -0500 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)