SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2024-28991)

Summary

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.

Affected Products

SolarWinds ARM 2024.3 and prior versions

Fixed Software Release

SolarWinds Access Rights Manager (ARM) 2024.3.1

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

9.0 Critical

Advisory ID

First Published

09/12/2024