CVE-2023-35186

HIGH

SolarWinds Access Rights Manager < 2023.2.0.73 - Authenticated Remote Code Execution via Deserialization

Title source: llm

Description

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

References (2)

Core 2

Core References

Release Notes, Vendor Advisory

https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm

Vendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186

Scores

CVSS v3 8.0

EPSS 0.0961

EPSS Percentile 93.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (1)

solarwinds/access_rights_manager < 2023.2.0.73

Published Oct 19, 2023

Tracked Since Feb 18, 2026