Five Critical Severity RCE Vulnerabilities In Access Rights Manager Patched By SolarWinds
SolarWinds patched five RCE vulnerabilities in Access Rights Manager (ARM), including three critical flaws. These issues, like path traversal weaknesses and untrusted data deserialization, allow unauthorized code execution. Two other high-severity bugs were also addressed. Four vulnerabilities were reported by researchers collaborating with Trend Micro's Zero Day Initiative, while the fifth was discovered by a ZDI researcher. SolarWinds released the patched version, ARM 2023.2.3, on Thursday, with no reported exploits in the wild. Read more...