SolarWinds just patched a whole load of critical security flaws

Eight critical-severity flaws patched by SolarWinds

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

SolarWinds haspatchedmore than a dozen flaws impacting its Access Rights Manager (ARM) software.

Some of the vulnerabilities are classified as critical, and can be abused to steal sensitive information, or run malicious code on vulnerable endpoints.

As such, users are advised to apply the fixes and secure their devices without delay.

Update now

In a security advisory published earlier this week, the company detailed 13 vulnerabilities impacting the software, eight of which are labeled ‘critical’.

Here is a short rundown:

Traversal and Information Disclosure Vulnerability (CVE-2024-23475, 9.6 Critical)Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23472, 9.6 Critical)Internal Deserialization Remote Code Execution Vulnerability (CVE-2024-28074, 9.6 Critical)Exposed Dangerous Method Remote Code Execution Vulnerability (CVE-2024-23469, 9.6 Critical)Traversal Remote Code Execution Vulnerability (CVE-2024-23467, 9.6 Critical)Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23466, 9.6 Critical)UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability (CVE-2024-23470, 9.6 Critical)CreateFile Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23471, 9.6 Critical).

These vulnerabilities, as well as five others (severity scores between 7.6 and 8.3) have been discovered, and reported, by Trend Micro’s Zero Day Initiative (ZDI). They were addressed in version 2024.3, published on July 17 2024.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

SolarWinds specializes in IT management software, offering products for network monitoring, server and application monitoring, IT security, database management, and IT help desk and support.

The company was at the center of a major security snafu back in December 2020, when a breach at the company’s IT infrastructure resulted in a poisoned software update for Orion reaching hundreds of its customers - an incident now considered one of the largest and most devastating supply chain attacks of all time.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

The EU AI Act: What do CISOs need to know to strengthen AI security?