This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2024-23470.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2024-23471.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2024-23467.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2024-23466.
This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.0. The following CVEs are assigned: CVE-2024-23465.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2024-28074.
This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2024-28992.
What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive files on the host machine. CISA has added CVE-2024-28995 to its Known Exploited Vulnerabilities (KEV) catalog on July 17, 2024 and a publicly available proof-of-concept (PoC) exploit code is available.What is the recommended Mitigation?Apply the most recent upgrade or patch from the vendor. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995 What FortiGuard Coverage is available?FortiGuard Labs has provided protection through the IPS signature ” SolarWinds.Serv-U.InternalDir.Directory.Traversal” to detect and block any attack attempts targeting the vulnerability (CVE-2024-28995). FortiGuard Endpoint Vulnerability Signature can help to detect vulnerable software instances (CVE-2024-28995). The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
python-scrapy-2.11.2-1.fc39
Update to 2.11.2
python-scrapy-2.11.2-1.fc40
Update to 2.11.2
