Lucene search

SolarWindsCVELIST:CVE-2024-28075

HistoryMay 09, 2024 - 12:42 p.m.

CVE-2024-28075 SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution

2024-05-0912:42:44

CWE-502

SolarWinds

www.cve.org

solarwinds

access rights manager

remote code execution

vulnerability

trend micro

zero day initiative

responsible disclosure

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

Percentile

15.9%

JSON

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Access Rights Manager",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThanOrEqual": "2023.2.3",
        "status": "affected",
        "version": "previous versions",
        "versionType": "2023.2.3"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm

documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm

www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

Percentile

15.9%

JSON

Related for CVELIST:CVE-2024-28075