ARM 2023.2.4 release notes
Release date: May 9, 2024
These release notes were last updated on May 13, 2024.
Access Rights Manager 2023.2.4 is a service release providing bug and security fixes for release 2023.2. For information about the 2023.2 release, including EOL notices and upgrade information, see Access Rights Manager 2023.2 Release Notes.
Learn more
- See the ARM 2023.2.4 system requirements.
- For information about working with ARM, see the ARM 2023.2.4 Administrator Guide.
New features and improvements in ARM
IP whitelisting
IP whitelisting allows you to create and enable a list of trusted IP addresses that can access the ARM server and collector. When IP whitelisting and the Windows Firewall are enabled on a supported ARM server, all users from an untrusted IP address are restricted from accessing the server and collector.
See IP whitelisting in the ARM Administrator Guide for instructions.
See the system requirements for the collector, server, and port requirements.
Fixes
| Case number | Description |
|---|---|
|
01336804 |
You can now start the ARM Diagnostics tool after you install or update the application. |
|
01573280 |
ARM can now scan over 1,000 Microsoft Exchange mailboxes. |
CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2024-28075 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | 9.0 Critical | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2024-23473 | SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability |
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
8.6 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
Known issues
Configwizard error
In some cases where ARM server fails to restart automatically after the update, an error occurs in the basic config while configuring the Rabbit MQ credentials.
Resolution or workaround:
Manually restart the ARM service. If the error persists, delete the pnServer.messaging.config.xml file and restart the ARM service.
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.