CVE-2024-23465

EPSS 1.94%
Veröffentlicht 17.07.2024 15:15:10
Zuletzt bearbeitet 21.11.2024 08:57:45
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Access Rights Manager Version <= 2023.2.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.94%	0.775

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@solarwinds.com	8.3	1.6	6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-23465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23465

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-23465