CVE-2023-35182 HIGH

CVE-2023-35182: SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

Vendor Solarwinds

Product Access Rights Manager

Weakness CWE-502 · Unsafe deserialization

Published October 19, 2023

Last update September 12, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

Key dates

02Disclosure timeline

October 19, 2023 CVE published

September 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-35182 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

Identifiers

CVE CVE-2023-35182

CWE CWE-502

CVSS 8.8 / HIGH

Affected versions