The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.
Solution:
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Link | Tags |
---|---|
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35180 | vendor advisory |
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | release notes vendor advisory |