CVSS: 9.9EPSS: 8%CPEs: 1EXPL: 0CVE-2023-40057 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-40057
15 Feb 2024 — The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. Se descubrió que SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecución remota de código. This... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40057 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23477 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23477
15 Feb 2024 — The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecución remota de código. This vulnerability allows remo... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23477 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23476 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23476
15 Feb 2024 — The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite que un usuario no autenticado logre la ejecución remota de código. This vulnerability allows re... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23476 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 68%CPEs: 1EXPL: 0CVE-2024-23478 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-23478
15 Feb 2024 — SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de ejecución remota de código. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecución remota de cód... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23478 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23479 – SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23479
15 Feb 2024 — SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Se descubrió que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecución remota de código. This vulnerability allows remote a... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23479 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40058 – Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-40058
21 Dec 2023 — Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. Se agregaron datos confidenciales a nuestra base de conocimiento pública que, si se explotan, podrían usarse para acceder a componentes de Access Rights Manager (ARM) si el actor de la amenaza se encuentra en el mismo entorno. This vulnerability allows remote attackers to bypass authentication on affected installatio... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 9%CPEs: 1EXPL: 0CVE-2023-35186 – SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35186
19 Oct 2023 — The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad permite que un usuario autenticado abuse del servicio SolarWinds, lo que resulta en la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on... • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2023-35182 – SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35182
19 Oct 2023 — The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad puede ser aprovechada por usuarios no autenticados en SolarWinds ARM Server. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-35187 – SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35187
19 Oct 2023 — The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code. Esta vulnerabilidad permite que un usuario no autenticado logre la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Ri... • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35183 – SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35183
19 Oct 2023 — The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de escalada de privilegios. Esta vulnerabilidad permite a los usuarios autenticados abusar de los recursos locales para escalar privilegios. This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access R... • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm • CWE-276: Incorrect Default Permissions •