Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

SolarWinds Patches 11 Critical ARM Flaws

July 19, 2024
Reading Time: 3 mins read
in Alerts
SolarWinds Patches 11 Critical ARM Flaws

SolarWinds has released patches addressing 11 critical security vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities could potentially allow unauthorized access to sensitive data and the execution of arbitrary code. Seven of these flaws are rated as Critical, each carrying a CVSS score of 9.6 out of 10.0, while the remaining four are rated High with a CVSS score of 7.6. The vulnerabilities have been identified and patched in version 2024.3, which was released on July 17, 2024, following responsible disclosure through the Trend Micro Zero Day Initiative (ZDI).

Among the most severe vulnerabilities is CVE-2024-23472, a directory traversal flaw that allows arbitrary file deletion and information disclosure. Another significant flaw, CVE-2024-28074, involves internal deserialization that could enable remote code execution. Other critical vulnerabilities include CVE-2024-23469, which exposes dangerous methods leading to remote code execution, and CVE-2024-23471, a CreateFile directory traversal vulnerability also allowing remote code execution. Exploitation of these flaws could grant attackers elevated privileges, enabling them to read, delete, and execute files on compromised systems.

This patch release follows a recent development where the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity path traversal flaw (CVE-2024-28995) in SolarWinds Serv-U Path to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild. The persistent focus on SolarWinds’ security measures underscores the critical need for robust cybersecurity practices, especially given the company’s past experiences with significant cyber threats.

In 2020, SolarWinds was the victim of a major supply chain attack that compromised the update mechanism associated with its Orion network management platform. This attack, attributed to Russian APT29 hackers, involved distributing malicious code to downstream customers as part of a high-profile cyber espionage campaign. The incident led to a lawsuit filed by the U.S. Securities and Exchange Commission (SEC) against SolarWinds and its Chief Information Security Officer (CISO) last October. The SEC alleged that the company failed to disclose adequate material information to investors regarding cybersecurity risks. However, on July 18, 2024, the U.S. District Court for the Southern District of New York dismissed much of the lawsuit, stating that the claims did not plausibly plead actionable deficiencies in the company’s reporting of the cybersecurity hack and relied too heavily on hindsight and speculation.

Reference:

  • SolarWinds Patches 11 Critical Vulnerabilities in Access Rights Manager Update
Tags: Access Rights ManagerArmCISOCyber AlertsCyber Alerts 2024Cyber RiskCyber threatJuly 2024SolarWindsVulnerabilitiesZero-Day
ADVERTISEMENT

Related Posts

Wing FTP Server RCE Flaw Exploited

WinRAR Zero-Day Exploit $80K on Dark Web

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Google Gemini Flaw Hijacks Email Summaries

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Wing FTP Server RCE Flaw Exploited

July 14, 2025
Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025

Latest Alerts

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

Subscribe to our newsletter

    Latest Incidents

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial