- 262/2024
- Critical
SolarWinds has released a security update to address multiple vulnerabilities affecting SolarWinds ARM 2024.3 and prior versions.
The addressed vulnerabilities could allow the attacker to bypass security restrictions or execute arbitrary code and gain access to the affected system.
The addressed vulnerabilities:
1. SolarWinds Access Rights Manager Code Execution (CVE-2024-28991):
- CVSS: 9
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. SolarWinds Access Rights Manager Authentication Bypass (CVE-2024-28990):
- CVSS: 6.3
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2024-28990
- CVE-2024-28991
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.