Page 2 of 15 results (0.013 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. Se agregaron datos confidenciales a nuestra base de conocimiento pública que, si se explotan, podrían usarse para acceder a componentes de Access Rights Manager (ARM) si el actor de la amenaza se encuentra en el mismo entorno. This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a RabbitMQ instance. The issue results from the use of hard-coded credentials. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de escalada de privilegios. Esta vulnerabilidad permite a los usuarios autenticados abusar de los recursos locales para escalar privilegios. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35183 • CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code utilizando privilegios de SYSTEM. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35185 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de escalada de privilegios. Esta vulnerabilidad permite a los usuarios abusar de permisos de carpeta incorrectos, lo que resulta en una escalada de privilegios. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35181 • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad permite a los usuarios autenticados abusar de la API ARM de SolarWinds. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35180 • CWE-502: Deserialization of Untrusted Data •