

Snake Keylogger Malware – Active IOCs
July 19, 2024
Multiple Apache Products Vulnerabilities
July 19, 2024
Severity
High
Analysis Summary
CVE-2024-28074 CVSS:9.6
SolarWinds Access Rights Manager could allow a remote attacker to execute arbitrary code on the system, caused by unsafe deserialization in the createGlobalServerChannelInternal method. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM.
CVE-2024-23470 CVSS:9.6
SolarWinds Access Rights Manager could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the UserScriptHumster class. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM.
CVE-2024-23468 CVSS:7.6
SolarWinds Access Rights Manager could allow a remote attacker to traverse directories on the system, caused by improper validation of a user request by the deleteTransferFile method. An attacker could send a specially crafted URL request containing "dot dot" sequences to delete and view arbitrary files in the context of a highly privileged domain user.
CVE-2024-23471 CVSS:9.6
SolarWinds Access Rights Manager could allow a remote attacker to traverse directories on the system, caused by improper validation of a user request by the CreateFile method. An attacker could send a specially crafted URL request containing "dot dot" sequences to execute arbitrary code in the context of SYSTEM.
CVE-2024-23467 CVSS:9.6
SolarWinds Access Rights Manager could allow a remote attacker to traverse directories on the system, caused by improper validation of a user request by the ExpandZipFile method. An attacker could send a specially crafted URL request containing "dot dot" sequences to execute arbitrary code in the context of SYSTEM.
CVE-2024-23466 CVSS:9.6
SolarWinds Access Rights Manager could allow a remote attacker to traverse directories on the system, caused by improper validation of a user request by the Connect method. An attacker could send a specially crafted URL request containing "dot dot" sequences to execute arbitrary code in the context of SYSTEM.
CVE-2024-23465 CVSS:8.3
SolarWinds Access Rights Manager could allow a remote attacker to bypass security restrictions, caused by a flaw in the ChangeHumster class. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass Active Directory authentication.
CVE-2024-28992 CVSS:7.6
SolarWinds Access Rights Manager could allow a remote attacker to traverse directories on the system, caused by improper validation of a user request by the deleteTransferFile method. An attacker could send a specially crafted URL request containing "dot dot" sequences to delete and view arbitrary files on the system.
CVE-2024-23469 CVSS:9.6
SolarWinds Access Rights Manager could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the EndUpdate method. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM.
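The directory traversal entries above (deleteTransferFile, CreateFile, ExpandZipFile, Connect) share one root cause: a caller-supplied name is joined to a base directory without checking where the result lands. The following is an added example, not SolarWinds code, of the canonicalize-then-contain check that closes this class of bug in file and archive handlers. The function names, the base directory /srv/transfer and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path, PureWindowsPath


def resolve_inside(base, user_name: str) -> Path:
    """Return the resolved path of user_name under base, or raise ValueError."""
    # Treat backslashes as separators too, whatever the host OS is.
    normalized = user_name.replace("\\", "/")
    if not normalized or "\x00" in normalized:
        raise ValueError("empty name or NUL byte")
    # A non-empty anchor means a rooted, drive-qualified or UNC name.
    if PureWindowsPath(user_name).anchor:
        raise ValueError(f"absolute path rejected: {user_name!r}")
    base = Path(base).resolve()
    # resolve() collapses ".." and follows symlinks that exist on disk.
    candidate = (base / normalized).resolve()
    # Compare path components, not string prefixes: "/srv/transfer-old"
    # starts with "/srv/transfer" as a string but is not inside it.
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"path escapes base directory: {user_name!r}")
    return candidate


def unsafe_entries(archive: bytes, dest) -> list[str]:
    """List zip member names that would be written outside dest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            try:
                resolve_inside(dest, name)
            except ValueError:
                bad.append(name)
    return bad


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign member, two traversal members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/q1.txt", "ok")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("reports/../../outside2.txt", "x")
    return buf.getvalue()
```

An extraction routine should refuse the whole archive when `unsafe_entries` returns anything, and a delete or create handler should operate only on the path that `resolve_inside` returns.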
Impact
- Gain Access
- Security Bypass
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-28074
- CVE-2024-23470
- CVE-2024-23468
- CVE-2024-23471
- CVE-2024-23467
- CVE-2024-23466
- CVE-2024-23465
- CVE-2024-28992
- CVE-2024-23469
Affected Vendors
Affected Products
- SolarWinds Access Rights Manager 2023.2.4
Remediation
Upgrade to the latest version of Access Rights Manager, available from the SolarWinds Website.