The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
References
Configurations
History
10 Feb 2025, 22:49
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | ||
| CPE | cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:* | |
| First Time |
Solarwinds
Solarwinds access Rights Manager |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | () https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm - Release Notes | |
| References | () https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm - Product | |
| References | () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075 - Vendor Advisory |
14 May 2024, 16:13
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-14 15:13
Updated : 2025-02-10 22:49
NVD link : CVE-2024-28075
Mitre link : CVE-2024-28075
JSON object : View
Products Affected
solarwinds
- access_rights_manager
CWE
No CWE.