The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.
Se descubrió que SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecución remota de código de autenticación previa. Si se explota, esta vulnerabilidad permite que un usuario no autenticado ejecute comandos y ejecutables.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UserScriptHumster class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.