SolarWinds Releases Patches for Access Rights Manager vulnerabilities…

… - 20240219001
LSerki · Feb 19, 2024 · 278edae · 278edae
1 parent a3e7478
commit 278edae
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/...19001-SolarWinds-Releases-Patches-for-Access-Rights-Manager-vulnerabilities .md b/...19001-SolarWinds-Releases-Patches-for-Access-Rights-Manager-vulnerabilities .md
@@ -0,0 +1,24 @@
+# SolarWinds Releases Patches for Access Rights Manager vulnerabilities - 20240219001
+
+## Overview
+
+SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
+
+## What is vulnerable?
+
+| Product(s) Affected | Summary | Severity     | CVSS |
+| ------------------- | ------- | ------------ | ---- |
+| SolarWinds Access Rights Manager (ARM) **2023.2.2** | [CVE-2024-23476](https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23476)        | **Critical** | 9.6  |
+| SolarWinds Access Rights Manager (ARM) **2023.2.2** | [CVE-2024-23479](https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23479)        | **Critical** | 9.6  |
+| SolarWinds Access Rights Manager (ARM) **2023.2.2** | [CVE-2023-40057](https://www.solarwinds.com/trust-center/security-advisories/cve-2023-40057)        | **Critical** | 9.0  |
+| SolarWinds Access Rights Manager (ARM) **2023.2.2** | [CVE-2024-23478](https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23478)       | **High** | 8.0  |
+| SolarWinds Access Rights Manager (ARM) **2023.2.2**| [CVE-2024-23477](https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23477)        | **High** | 7.9  |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)):
+- [SolarWinds Security Vulnerablities](https://www.solarwinds.com/trust-center/security-advisories)
+- [ARM 2023.2.3 Release Notes](https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm)
+## Additional References
+
+- [SolarWinds fixes critical RCE bugs in access rights audit solution](https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bugs-in-access-rights-audit-solution/)