July 19, 2024 at 04:33AM
SolarWinds has addressed critical security flaws in its Access Rights Manager (ARM) software, including 11 vulnerabilities rated critical and high severity. These flaws could allow attackers to access sensitive information and execute code with elevated privileges. The vulnerabilities have been fixed in version 2024.3 after responsible disclosure by the Trend Micro Zero Day Initiative.
Key Takeaways:
1. SolarWinds has addressed a set of critical security flaws in its Access Rights Manager (ARM) software, which could lead to unauthorized access to sensitive information and execution of arbitrary code.
2. The vulnerabilities are rated as critical and high severity with CVSS scores ranging from 7.6 to 9.6.
3. The most severe vulnerabilities include directory traversal, internal deserialization remote code execution, and dangerous method remote code execution.
4. Successful exploitation of these vulnerabilities could result in file reading, deletion, and code execution with elevated privileges.
5. The vulnerabilities have been addressed in version 2024.3 released on July 17, 2024, following responsible disclosure as part of the Trend Micro Zero Day Initiative (ZDI).
6. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity path traversal flaw in SolarWinds Serv-U Path to its Known Exploited Vulnerabilities catalog.
7. SolarWinds, which was the victim of a major supply chain attack in 2020, faced a lawsuit from the U.S. Securities and Exchange Commission (SEC) pertaining to cybersecurity risk disclosure. However, many claims in the lawsuit were dismissed by the U.S. District Court for the Southern District of New York.