SolarWinds Access Rights Manager Tool (ARM) Reveals Critical Vulnerabilities, Posing High Privilege Threats

As organizations rely on the SolarWinds Access Rights Manager Tool (ARM) for efficient IT management, the discovery of eight vulnerabilities, including three critical ones, has raised concerns regarding the potential for attackers to gain the highest levels of privilege in unpatched systems. Trend Micro’s Zero Day Initiative (ZDI) recently disclosed a series of vulnerabilities in ARM, highlighting the critical need for prompt action to protect corporate networks.

SolarWinds as a Critical IT Management Platform

SolarWinds holds a unique and sensitive position in corporate networks as a comprehensive IT management platform. The compromised integrity of SolarWinds could have far-reaching consequences, jeopardizing the confidentiality, availability, and overall security of an organization’s operations. Thus, vulnerabilities in SolarWinds, such as those found in ARM, demand immediate attention and mitigation.

Details of the Discovered Vulnerabilities

Trend Micro’s ZDI has shed light on a range of vulnerabilities in ARM, classifying them as “High” and “Critical”. These vulnerabilities expose potential avenues for attackers to exploit and compromise corporate networks.

Critical Severity Vulnerabilities

Among the identified vulnerabilities, the most severe vulnerability allows remote unauthenticated attackers to execute arbitrary code at the system level. This poses a significant threat, as attackers could gain control over critical infrastructure elements. Furthermore, two vulnerabilities grant unauthorized users the ability to abuse local resources and exploit incorrect folder permissions to escalate their privileges within the system. These vulnerabilities emphasize the importance of robust access controls and permissions management.

Other vulnerabilities, rated 8.8 out of 10 by Trend Micro, enable users to abuse SolarWinds services or the ARM API for remote code execution. These exploits highlight the need for regular monitoring and security assessments to detect and prevent unauthorized access to SolarWinds resources.

Regarding RCE Vulnerabilities

The most alarming vulnerabilities identified by Trend Micro are the trio of Remote Code Execution (RCE) vulnerabilities, each assigned a “critical” rating of 9.8. These vulnerabilities, namely CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187, lack proper validation for the methods createGlobalServerChannelInternal, OpenFile, and OpenClientUpdateFile, respectively. The absence of authentication requirements for exploitation heightens the risk, allowing attackers to run arbitrary code at the SYSTEM level. This level of access provides the utmost control, enabling attackers to infiltrate and manipulate critical systems without hindrance.

Patching the Vulnerabilities

SolarWinds has responded swiftly to the discovered vulnerabilities by releasing ARM version 2023.2.1. This updated version effectively addresses all eight vulnerabilities, ensuring enhanced protection against potential exploitation. It is crucial for organizations to promptly update their ARM installations and implement the patch to mitigate the risk of compromise.

The vulnerabilities discovered in the SolarWinds Access Rights Manager Tool (ARM) serve as a grave reminder of the importance of robust cybersecurity practices. With the potential for attackers to gain high levels of privilege and execute arbitrary code, organizations cannot afford to delay taking action. By promptly updating their ARM installations and staying vigilant in monitoring and mitigating potential vulnerabilities, organizations can better defend against potential attacks and protect their vital IT infrastructure. Safeguarding SolarWinds and other critical platforms remains essential to maintain data integrity, confidentiality, and overall network security.

Explore more

Ethereum’s Fragile Recovery Faces Resistance and Low Demand

The Ethereum ecosystem is currently navigating a treacherous landscape where price action struggles to align with the technical milestones achieved during the most recent network upgrades. While the shift to a more scalable architecture was intended to invite a surge of institutional and retail capital, the reality in 2026 shows a market plagued by indecision and a noticeable lack of

macOS 28 Drops Support for Encrypted Mac OS Extended Volumes

The landscape of digital storage has shifted dramatically over the past decade, leaving legacy file systems struggling to keep pace with the rigorous security demands of modern computing environments. With the release of macOS 28, the long-standing compatibility for encrypted Mac OS Extended (HFS+) volumes has officially reached its end of life, signaling a definitive transition toward the more robust

CapCut Named 2026 Leader in AI Social Media Content Creation

The rapid evolution of generative artificial intelligence has fundamentally altered the digital landscape, shifting the burden of high-quality video production from specialized studios to the palm of every creator’s hand across the globe. By mid-2026, the demand for short-form content reached an all-time high, necessitating tools that could keep pace with the volatile trends of social media algorithms. CapCut emerged

How Will AI and RPA Shape Desktop Automation in 2026?

The integration of cognitive computing with traditional robotic process automation has fundamentally altered the way desktop environments operate across global industries today. No longer confined to the rigid, rule-based scripts of previous cycles, modern automation tools now serve as dynamic, goal-oriented assistants capable of navigating the intricacies of fragmented software landscapes. This shift has allowed organizations to bridge the significant

UiPath Navigates AI Pivot Amid Market Skepticism

The transition from legacy robotic process automation to a sophisticated, agent-centric architecture has forced enterprise software giants to fundamentally rethink their value propositions in an era defined by autonomous reasoning. This paradigm shift represents more than a mere software update; it is a complete structural overhaul that seeks to bridge the gap between simple task execution and complex cognitive decision-making.