Serial number: AV24-406
Date: July 18, 2024
On July 17, 2024, SolarWinds published security advisories to address critical vulnerabilities in the following product:
- SolarWinds Access Rights Manager (ARM) – version 2023.2.4 and prior
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
- SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23471)
- SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability (CVE-2024-23469)
- SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability (CVE-2024-28074)
- SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23472)
- SolarWinds Security Vulnerabilities