RCE vulnerabilities fixed in SolarWinds enterprise solutions
SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations.
The company, whose Orion IT administration platform was infamously compromised in 2020 to deploy backdoors on select agencies' and companies' systems, has patched five vulnerabilities affecting its Access Rights Manager solution.
SolarWinds ARM is used by organizations to manage and audit access rights across their IT infrastructure.
All of the fixed vulnerabilities in SolarWinds ARM were privately reported either by Trend Micro Zero Day Initiative researcher Piotr Bazydło or by anonymous researchers working with that same software vulnerability-hunting program.
The company has also upgraded its SolarWinds Platform to version 2024.1, with new features - among them, new password requirements for local accounts - but also fixes for a slew of bugs and two SQL injection vulnerabilities: CVE-2023-50395 and CVE-2023-35188.
Both were reported by Piotr Bazydło and may allow remote attackers to execute arbitrary code on affected installations of the SolarWinds Platform.
News URL
https://www.helpnetsecurity.com/2024/02/19/solarwinds-arm-platform-vulnerabilities/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-06 | CVE-2023-50395 | SQL Injection vulnerability in SolarWinds Platform. SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. | 8.8 |
2024-02-06 | CVE-2023-35188 | SQL Injection vulnerability in SolarWinds Platform. SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. | 8.8 |