SolarWinds ARM RCE via Unauth Access
CVE-2023-35182 Published on October 19, 2023

SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2023-35182 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2023-35182

Want to know whenever a new CVE is published for SolarWinds Access Rights Manager? stack.watch will email you.

SolarWinds Access Rights Manager

Affected Versions

SolarWinds Access Rights Manager:

Version previous versions, <= 2023.2.0.73 is affected.

solarwinds access_rights_manager:

Before and including 2023.2.0.73 is affected.

Exploit Probability

EPSS

4.65%

Percentile

89.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SolarWinds ARM RCE via Unauth AccessCVE-2023-35182 Published on October 19, 2023

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2023-35182

Affected Versions

Exploit Probability

SolarWinds ARM RCE via Unauth Access
CVE-2023-35182 Published on October 19, 2023