SolarWinds has fixed several Remote Code Execution (RCE) in its Access Rights Manager (ARM) solution.
Access Rights Manager (ARM) is a software solution designed to assist organizations in managing and monitoring access rights and permissions within their IT infrastructure. This type of tool is crucial for maintaining security, compliance, and efficient administration of user access to various resources, systems, and data.
Below is the list of flaws addressed by the company:
ADVISORY | CVE ID | SEVERITY | RELEASE DATE | LAST UPDATE | FIXED VERSION |
---|---|---|---|---|---|
9.0 Critical | 02/06/2024 | 02/06/2024 | |||
9.6 Critical | 02/06/2024 | 02/06/2024 | |||
7.9 High | 02/06/2024 | 02/06/2024 | |||
8.0 High | 02/06/2024 | 02/06/2024 | |||
9.6 Critical | 02/06/2024 | 02/06/2024 | |||
8.0 High | 02/06/2024 | 02/06/2024 | |||
8.0 High | 02/06/2024 | 02/06/2024 |
The three critical remote code execution flaws are:
The company fixed the flaws with the release of .
SolarWinds made the headlines in 2020, when Russia-linked APT group carried out a supply chain attack that compromised the Orion software provided by the company.
In a with US SEC, the company revealed that 18,000 customers might have been impacted by the cyber attack against its supply chain.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, SolarWinds)