Updates address eight critical and five high severity vulnerabilities
Summary
Updates address eight critical and five high severity vulnerabilities
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
SolarWinds has released thirteen security advisories that address eight critical and five high severity vulnerabilities. Some of these vulnerabilities relate to remote code execution (RCE), information disclosure, authentication bypass, and arbitrary file deletion.
Remediation advice
Affected organisations are encouraged to update to SolarWinds ARM 2024.3 and review the following advisories.
Remediation steps
| Patch |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-23475) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23475 |
| Patch |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-28992) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28992 |
| Patch |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-23468) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23468 |
| Patch |
SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23472) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23472 |
| Patch |
SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability (CVE-2024-28074) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28074 |
| Patch |
SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability (CVE-2024-23469) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23469 |
| Patch |
SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability (CVE-2024-23465) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23465 |
| Patch |
SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-28993) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28993 |
| Patch |
SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23466) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23466 |
| Patch |
SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability (CVE-2024-23470) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23470 |
| Patch |
SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23474) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23474 |
| Patch |
SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23471) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23471 |
| Patch |
SolarWinds Access Rights Manager Traversal Remote Code Execution Vulnerability (CVE-2024-23467) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23467 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 19 July 2024 2:41 pm