CVE-2023-35183: 
SolarWinds Access Rights Manager vulnerability analysis and mitigation

The SolarWinds Access Rights Manager (ARM) was affected by a privilege escalation vulnerability (CVE-2023-35183) that allows authenticated users to abuse local resources. The vulnerability was discovered in ARM version 2023.2.0.73 and earlier versions, with a fix released on October 18, 2023, in version 2023.2.1 (Release Notes, Vendor Advisory).

The vulnerability is classified with a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability stems from incorrect default permissions in the system, categorized under CWE-276 (Incorrect Default Permissions) (NVD).

The vulnerability allows authenticated users with local access to escalate their privileges to higher levels within the system, potentially gaining unauthorized access to sensitive resources and system controls (Dark Reading).

SolarWinds has released version 2023.2.1 of Access Rights Manager which addresses this vulnerability. Users are advised to upgrade to this version immediately to mitigate the risk (Release Notes).

The vulnerability was discovered and reported by Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative, highlighting the collaborative effort between security researchers and vendors in responsible vulnerability disclosure (Release Notes).