SolarWinds Access Rights Manager Vulnerable to Remote Code Execution
CVE-2024-28075

8.8HIGH

Key Information:

Vendor: Solarwinds
Status: Access Rights Manager
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-28075?

The Access Rights Manager from SolarWinds is identified as having a vulnerability that permits remote code execution when exploited by an authenticated user. This flaw takes advantage of weaknesses in the service management, allowing unauthorized execution of code on the affected system. Organizations utilizing the Access Rights Manager should apply relevant updates and closely monitor for any unauthorized activities to safeguard their systems against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Access Rights Manager previous versions <= 2023.2.3

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/ar...

EPSS Score

73% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Mar 1, 2024

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

JSON

Solarwinds

What is CVE-2024-28075?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.