CVE-2024-23465 | THREATINT

Description

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.

PUBLISHED Reserved 2024-01-17 | Published 2024-07-17 | Updated 2024-08-01 | Assigner SolarWinds

HIGH: 8.3CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-287 Improper Authentication

Product status

Default status

affected

previous versions (2024.3)

affected

Credits

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative finder

References

documentation.solarwinds.com/...arm_2024-3_release_notes.htm

cve.org (CVE-2024-23465)

nvd.nist.gov (CVE-2024-23465)

help @ threatint.eu