Vulnerability Description
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Access Rights Manager | < 2023.2.4 |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/arm/content/release_notesRelease Notes
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23473Vendor Advisory
- https://documentation.solarwinds.com/en/success_center/arm/content/release_notesRelease Notes
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23473Vendor Advisory
FAQ
What is CVE-2024-23473?
CVE-2024-23473 is a vulnerability with a CVSS score of 8.6 (HIGH). The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console...
How severe is CVE-2024-23473?
CVE-2024-23473 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23473?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Access Rights Manager.