{"id":1169,"date":"2024-07-19T13:38:25","date_gmt":"2024-07-19T13:38:25","guid":{"rendered":"http:\/\/localhost:9000\/?p=1169"},"modified":"2024-07-19T13:38:25","modified_gmt":"2024-07-19T13:38:25","slug":"kriticke-zranitelnosti-v-produktoch-solarwinds-access-rights-manager","status":"publish","type":"post","link":"http:\/\/localhost:9000\/posts\/1169","title":{"rendered":"Kritick\u00e9 zranite\u013enosti v\u00a0produktoch SolarWinds Access Rights Manager"},"content":{"rendered":"\n<p><strong>Spolo\u010dnos\u0165 SolarWinds vydala bezpe\u010dnostn\u00e9 aktualiz\u00e1cie produktu SolarWinds Access Rights Manager, ktor\u00e9 opravuj\u00fa 13 zranite\u013enost\u00ed, z\u00a0toho 8 ozna\u010den\u00fdch ako kritick\u00e9. Kritick\u00e9 zranite\u013enosti mo\u017eno zneu\u017ei\u0165 na vykonanie \u0161kodliv\u00e9ho k\u00f3du a\u00a0z\u00edskanie \u00faplnej kontroly nad syst\u00e9mom. Ostatn\u00e9 zranite\u00ad\u00ad\u013enosti umo\u017e\u0148uj\u00fa neopr\u00e1vnen\u00fd pr\u00edstup do syst\u00e9mu, neopr\u00e1vnen\u00fd pr\u00edstup k\u00a0citliv\u00fdm \u00fadajom a\u00a0vykonanie neopr\u00e1vnen\u00fdch zmien v\u00a0syst\u00e9me.<\/strong><\/p>\n\n\n\n<p><strong>Zranite\u013en\u00e9 syst\u00e9my:<\/strong><\/p>\n\n\n\n<ul>\n<li>SolarWinds Access Rights Manager vo verzii 2024.2.4 a star\u0161ej<\/li>\n<\/ul>\n\n\n\n<p><strong>Opis zranite\u013enosti:<\/strong><br><strong>CVE-2024-23466, CVE-2024-23467, CVE-2024-23469, CVE-2024-23470, CVE-2024-23471, CVE-2024-23472, CVE-2024-28074, CVE-2024-23475<\/strong> (CVSS sk\u00f3re 9,6)<br>Kritick\u00e9 zranite\u013enosti umo\u017e\u0148uj\u00face zneu\u017eitie vn\u00fatornej deserializ\u00e1cie,  vyu\u017eitie nebezpe\u010dnej met\u00f3dy a\u00a0prech\u00e1dzanie obsahu adres\u00e1rov by  autentifikovan\u00fd alebo neautentifikovan\u00fd \u00fato\u010dn\u00edk nach\u00e1dzaj\u00faci sa  v\u00a0rovnakej sieti mohol zneu\u017ei\u0165 na vykonanie \u0161kodliv\u00e9ho k\u00f3du, z\u00edskanie  neopr\u00e1vnen\u00e9ho pr\u00edstupu k\u00a0citliv\u00fdm \u00fadajom, zv\u00fd\u0161enie opr\u00e1vnen\u00ed, mazaniu  a\u00a0\u010d\u00edtaniu s\u00faborov alebo vykonanie neopr\u00e1vnen\u00fdch zmien v\u00a0syst\u00e9me.<\/p>\n\n\n\n<p><strong>Mo\u017en\u00e9 \u0161kody:<\/strong><\/p>\n\n\n\n<ul>\n<li>Vzdialen\u00e9 vykonanie k\u00f3du<\/li>\n\n\n\n<li>Eskal\u00e1cia privil\u00e9gi\u00ed<\/li>\n\n\n\n<li>Neopr\u00e1vnen\u00fd pr\u00edstup do syst\u00e9mu<\/li>\n\n\n\n<li>Neopr\u00e1vnen\u00fd pr\u00edstup k\u00a0citliv\u00fdm \u00fadajom<\/li>\n\n\n\n<li>Vykonanie neopr\u00e1vnen\u00fdch zmien v syst\u00e9me<\/li>\n\n\n\n<li>\u00dapln\u00e9 naru\u0161enie d\u00f4vernosti, integrity a\u00a0dostupnosti syst\u00e9m<\/li>\n<\/ul>\n\n\n\n<p><strong>Odpor\u00fa\u010dania:<\/strong><\/p>\n\n\n\n<p><strong>Administr\u00e1torom a\u00a0pou\u017e\u00edvate\u013eom odpor\u00fa\u010dame bezodkladne aktualizova\u0165 SolarWinds Access Rights Manager na verziu 2024.3 a\u00a0nov\u0161ie.<\/strong><\/p>\n\n\n\n<p><strong>Zdroje:<\/strong><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23466\">https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23466<span style=\"font-size:11.5pt;mso-fareast-font-family:&quot;Times New Roman&quot;;mso-bidi-font-family:\nCalibri;mso-bidi-theme-font:minor-latin;color:black;mso-fareast-language:SK\"><\/span><\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23467\">https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23467<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23469\ufffc\"><span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span>https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23469<span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span><\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23470\">https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23470<span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span><\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23471\">https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23471<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23472\ufffc\"><span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span>https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23472<span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span><\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-28074\">https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-28074<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23475\"><span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span>https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23475<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23465\"><span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span>https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23465<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23468\"><span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span>https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23468<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23474\"><span style=\"font-size:11.5pt;line-height:107%;mso-fareast-font-family:&quot;Times New Roman&quot;;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin;color:black;\nmso-fareast-language:SK\"><\/span>https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-23474<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-28992\">https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-28992<\/a><br><a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-28993\">https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-28993<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Spolo\u010dnos\u0165 SolarWinds vydala bezpe\u010dnostn\u00e9 aktualiz\u00e1cie produktu SolarWinds Access Rights Manager, ktor\u00e9 opravuj\u00fa 13 zranite\u013enost\u00ed, z\u00a0toho 8 ozna\u010den\u00fdch ako kritick\u00e9. Kritick\u00e9&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,7],"tags":[24,20,17,19,64],"_links":{"self":[{"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/posts\/1169"}],"collection":[{"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/comments?post=1169"}],"version-history":[{"count":2,"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/posts\/1169\/revisions"}],"predecessor-version":[{"id":1171,"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/posts\/1169\/revisions\/1171"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/media\/1052"}],"wp:attachment":[{"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/media?parent=1169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/categories?post=1169"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/localhost:9000\/wp-json\/wp\/v2\/tags?post=1169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}