CVE-2023-35186 | HackTesting

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

Credits

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186

https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm