CVE-2024-28075

CRITICAL

Solarwinds Access Rights Manager < 2023.2.4 - Insecure Deserialization

Title source: rule

Description

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

References (3)

[Release Notes] https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm

[Product] https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075

Scores

CVSS v3 9.0

EPSS 0.7356

EPSS Percentile 98.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

solarwinds/access_rights_manager < 2023.2.4

Timeline

Published May 14, 2024

Tracked Since Feb 18, 2026