SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2024-28991)
Summary
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
Affected Products
SolarWinds ARM 2024.3 and prior versions
Fixed Software Release
SolarWinds Access Rights Manager (ARM) 2024.3.1
Acknowledgments
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
9.0 Critical
Advisory ID
First Published
09/12/2024