Products
SolarWinds Access Rights Manager (ARM)
Source
psirt@solarwinds.com
Tags
CVE-2024-28991 details
Published : Sept. 12, 2024, 2:16 p.m.
Last Modified : Sept. 12, 2024, 6:14 p.m.
Last Modified : Sept. 12, 2024, 6:14 p.m.
Description
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.0 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-502 | Deserialization of Untrusted Data | The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.0
Exploitability Score
2.3
Impact Score
6.0
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm | psirt@solarwinds.com |
| https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991 | psirt@solarwinds.com |
This website uses the NVD API, but is not approved or certified by it.