CVE-2024-23468

CVSS 3.1 Score 9.4 of 10 (high)

Details

Published Jul 17, 2024
Updated: Jul 18, 2024
CWE ID 22

Summary

CVE-2024-23468 is a directory traversal and information disclosure vulnerability affecting SolarWinds Access Rights Manager. An unauthenticated user can exploit this weakness to delete arbitrary files and disclose sensitive information, posing a significant risk to system security. This vulnerability permits an attacker to manipulate file paths beyond intended limits, potentially leading to a range of undesirable outcomes. The SolarWinds Access Rights Manager team is urged to apply the necessary patches or updates to mitigate this exposure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Solarwinds Access Rights Manager

Affected Vendors

  • SolarWinds Inc.