CVE-2024-28075 CRITICAL

CVE-2024-28075: SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution

Vendor Solarwinds
Product Access Rights Manager
Weakness CWE-502 · Unsafe deserialization
Published May 9, 2024
Last update August 2, 2024

CVSS base score

9.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Key dates

02Disclosure timeline

May 9, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE