CVE-2024-28075

CRITICAL

SolarWinds Access Rights Manager < 2023.2.4 - Authenticated Remote Code Execution via Deserialization

Title source: llm

Description

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

References (3)

Core 3

Core References

Release Notes

https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm

Product

https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm

Vendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075

Scores

CVSS v3 9.0

EPSS 0.7356

EPSS Percentile 98.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (1)

solarwinds/access_rights_manager < 2023.2.4

Published May 14, 2024

Tracked Since Feb 18, 2026