RCE vulnerabilities fixed in SolarWinds enterprise solutions
2024-02-19 05:00

SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations.

The company, whose Orion IT administration platform was infamously compromised in 2020 to deploy backdoors on select agencies' and companies' systems, has patched five vulnerabilities affecting its Access Rights Manager solution.

SolarWinds ARM is used by organizations to manage and audit access rights across their IT infrastructure.

All of the fixed vulnerabilities in SolarWinds ARM were privately reported either by Trend Micro Zero Day Initiative researcher Piotr Bazydło or by anonymous researchers working with that same software vulnerability-hunting program.

The company has also upgraded its SolarWinds Platform to version 2024.1, which brings new features (among them, new password requirements for local accounts) as well as fixes for a slew of bugs and two SQL injection vulnerabilities: CVE-2023-50395 and CVE-2023-35188.

Both were reported by Piotr Bazydło and may allow remote attackers to execute arbitrary code on affected installations of the SolarWinds Platform.

News URL

https://www.helpnetsecurity.com/2024/02/19/solarwinds-arm-platform-vulnerabilities/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2024-02-06 | CVE-2023-50395 | SQL Injection vulnerability in Solarwinds Platform | 8.8
    SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform.
    Vector: network; complexity: low; vendor: solarwinds; weakness: CWE-89

2024-02-06 | CVE-2023-35188 | SQL Injection vulnerability in Solarwinds Platform | 8.8
    SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform.
    Vector: network; complexity: low; vendor: solarwinds; weakness: CWE-89

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 103 81 51 268