SolarWinds Access Rights Manager Vulnerable to Remote Code Execution

CVE-2024-28075

9CRITICAL

Key Information

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 14 May 2024

Summary

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Affected Version(s)

Access Rights Manager <= 2023.2.3

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Mar 1, 2024

Collectors

NVD DatabaseMitre Database

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative