Vulnerability Details CVE-2023-35186
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.5%
CVSS Severity
CVSS v3 Score 8.0
References
- https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186
- https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186
Products affected by CVE-2023-35186
-
cpe:2.3:a:solarwinds:access_rights_manager:-
-
cpe:2.3:a:solarwinds:access_rights_manager:2019.4
-
cpe:2.3:a:solarwinds:access_rights_manager:2020.2
-
cpe:2.3:a:solarwinds:access_rights_manager:2021.4
-
cpe:2.3:a:solarwinds:access_rights_manager:2022.2
-
cpe:2.3:a:solarwinds:access_rights_manager:2022.4
-
cpe:2.3:a:solarwinds:access_rights_manager:2023.2
-
cpe:2.3:a:solarwinds:access_rights_manager:2023.2.0.73
-
cpe:2.3:a:solarwinds:access_rights_manager:9.1
-
cpe:2.3:a:solarwinds:access_rights_manager:9.2