SolarWinds Access Rights Manager Vulnerable to Remote Code Execution
CVE-2024-28075

8.8HIGH

Key Information:

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 14 May 2024

Summary

The Access Rights Manager from SolarWinds is identified as having a vulnerability that permits remote code execution when exploited by an authenticated user. This flaw takes advantage of weaknesses in the service management, allowing unauthorized execution of code on the affected system. Organizations utilizing the Access Rights Manager should apply relevant updates and closely monitor for any unauthorized activities to safeguard their systems against potential exploitation.

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.3

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/ar...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Mar 1, 2024

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative