ARM 2023.2.3 release notes
Release date: February 15, 2024
Here's what's new in ARM 2023.2.3. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of ARM, see ARM previous versions. To view release notes for multiple versions
New features and improvements in ARM
There were no features or improvements added for ARM in this release.
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2023-40057 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
9.0 Critical | Anonymous working with Trend Micro Zero Day Initiative |
| CVE-2024-23476 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
9.6 Critical | Anonymous working with Trend Micro Zero Day Initiative |
| CVE-2024-23477 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
7.9 High | Anonymous working with Trend Micro Zero Day Initiative |
| CVE-2024-23478 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
8.0 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2024-23479 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
9.6 Critical | Anonymous working with Trend Micro Zero Day Initiative |
Installation or upgrade
ARM and SolarWinds platform or Orion Platform products must be installed on separate servers. Note that ARM is not a SolarWinds platform or Orion Platform product.
For information about installing Access Rights Manager see the ARM Installation Guide.
If you are upgrading from a previous version, see Perform an update installation located in the Access Rights Manager Installation and Upgrade Guide for directions.
Beginning in version 2020.2, the ARM server has been renamed from pnServer.exe to armServer.exe. Please note this change if you have set up the appropriate firewall rules.
End of life
Integration with the SolarWinds Platform requires a supported version of the platform.
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 2022.4 | November 3, 2023: End-of-Life (EoL) announcement – Customers on ARM version 2022.4 or earlier should begin transitioning to the latest version of ARM. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ARM version 2022.4 or earlier will no longer actively be supported by SolarWinds. | November 3, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ARM version 2022.4. |
| 2022.3 | November 3, 2023: End-of-Life (EoL) announcement – Customers on ARM version 2022.3 or earlier should begin transitioning to the latest version of ARM. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ARM version 2022.3 or earlier will no longer actively be supported by SolarWinds. | November 3, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ARM version 2022.3. |
| 2021.4 | April 17, 2023: End-of-Life (EoL) announcement – Customers on ARM version 2021.4 or earlier should begin transitioning to the latest version of ARM. | October 17, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ARM version 2021.4 or earlier will no longer actively be supported by SolarWinds. | April 17, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ARM version 2021.4. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier ARM versions, see ARM release history.
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.