SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2024-28991)

Summary

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.

Affected Products

SolarWinds ARM 2024.3 and prior versions

Fixed Software Release

SolarWinds Access Rights Manager (ARM) 2024.3.1

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity: Critical
Advisory ID:
First Published: 09/12/2024
Fixed Version:
CVSS Score: