CVE-2023-35186

HIGH

Solarwinds Access Rights Manager - Insecure Deserialization

Title source: rule

Description

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

References (2)

[Release Notes, Vendor Advisory] https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186

Scores

CVSS v3 8.0

EPSS 0.0961

EPSS Percentile 92.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

solarwinds/access_rights_manager < 2023.2.0.73

Timeline

Published Oct 19, 2023

Tracked Since Feb 18, 2026