Okta: Access Rights Manager Sensitive Data Disclosure via Knowledgebase
CVE-2023-40058 Published on December 21, 2023
Sensitive Information Disclosure Vulnerability
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.
Vulnerability Analysis
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-40058 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-40058
Want to know whenever a new CVE is published for SolarWinds Access Rights Manager? stack.watch will email you.
Affected Versions
SolarWinds Access Rights Manager:- Version previous versions, <= 2023.2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.