VYPR

Access Rights Manager

by SolarWinds

CVEs (14)

  • CVE-2024-23479CriFeb 15, 2024
    risk 0.63cvss 9.6epss 0.06

    SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.

  • CVE-2024-23476CriFeb 15, 2024
    risk 0.63cvss 9.6epss 0.07

    The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.

  • CVE-2024-23478HigFeb 15, 2024
    risk 0.59cvss 8.0epss 0.82

    SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.

  • CVE-2023-40057CriFeb 15, 2024
    risk 0.59cvss 9.0epss 0.04

    The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

  • CVE-2023-35187HigOct 19, 2023
    risk 0.57cvss 8.8epss 0.03

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.

  • CVE-2023-35184HigOct 19, 2023
    risk 0.57cvss 8.8epss 0.01

    The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.

  • CVE-2023-35182HigOct 19, 2023
    risk 0.57cvss 8.8epss 0.02

    The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

  • CVE-2023-35180HigOct 19, 2023
    risk 0.54cvss 8.0epss 0.27

    The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.

  • CVE-2024-23477HigFeb 15, 2024
    risk 0.52cvss 7.9epss 0.08

    The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.

  • CVE-2023-35186HigOct 19, 2023
    risk 0.52cvss 8.0epss 0.02

    The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

  • CVE-2023-35183HigOct 19, 2023
    risk 0.51cvss 7.8epss 0.00

    The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.

  • CVE-2023-35181HigOct 19, 2023
    risk 0.51cvss 7.8epss 0.00

    The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.

  • CVE-2023-35185MedOct 19, 2023
    risk 0.44cvss 6.8epss 0.01

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.

  • CVE-2023-40058MedDec 21, 2023
    risk 0.42cvss 6.5epss 0.01

    Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.