CVE-2024-28075

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm
https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-14 15:13

Updated : 2024-05-14 16:13

NVD link : CVE-2024-28075

Mitre link : CVE-2024-28075

CVE.ORG link : CVE-2024-28075

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

9.0 /10