SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
2024-07-19 07:13

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager software that could be exploited to access sensitive information or execute arbitrary code.

Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0.

Successful exploitation of the aforementioned vulnerabilities could allow an attacker to read and delete files and execute code with elevated privileges.

The development comes after the U.S. Cybersecurity and Infrastructure Security Agency added a high-severity path traversal flaw in SolarWinds Serv-U to its Known Exploited Vulnerabilities catalog following reports of active exploitation in the wild.

The network security company was the victim of a major supply chain attack in 2020 after the update mechanism associated with its Orion network management platform was compromised by Russian APT29 hackers to distribute malicious code to downstream customers as part of a high-profile cyber espionage campaign.

The breach prompted the U.S. Securities and Exchange Commission to file a lawsuit against SolarWinds and its chief information security officer last October alleging the company failed to disclose adequate material information to investors regarding cybersecurity risks.


News URL

https://thehackernews.com/2024/07/solarwinds-patches-11-critical-flaws-in.html

Related vendor

LAST 12M
VENDOR      #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Solarwinds  44          0    80      95    40        215