CVE-2023-40058

Summary

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

Affected Software

VendorProductVersion RangeStatus
SolarWindsAccess Rights Managerprevious versions <= 2023.2.1affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

https://support.solarwinds.com/SuccessCenter/s/article/Creating-a-unique-RabbitMQ-account-in-SolarWihttps://support.solarwinds.com/SuccessCenter/s/article/Creating-a-unique-RabbitMQ-account-in-SolarWinds-ARM

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References