Detections
Analytics

CVE-2024-28991

high

Description

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.

References

https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html

https://www.securityweek.com/solarwinds-patches-critical-vulnerability-in-access-rights-manager/

https://securityonline.info/cve-2024-28991-cvss-9-0-solarwinds-access-rights-manager-rce-flaw/?&web_view=true

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991

https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm

Details

Source: Mitre, NVD

Published: 2024-09-12

Updated: 2024-09-16

Named Vulnerability: Deserialization of Untrusted Data Remote Code Execution

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.39694