Multiple SolarWinds Access Right Manager Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-28990 CVSS:6.3

SolarWinds Access Rights Manager could allow a remote attacker from within the local network to bypass security restrictions, caused by the use of hard-coded credentials. An attacker could exploit this vulnerability to gain access to the RabbitMQ management console.

CVE-2024-28991 CVSS:9

SolarWinds Access Rights Manager (ARM) could allow a remote authenticated attacker from within the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Security Bypass
Code Execution

Indicators of Compromise

CVE

CVE-2024-28990
CVE-2024-28991

Affected Vendors

SolarWinds

Affected Products

SolarWinds Access Rights Manager - 2024.3

Remediation

Upgrade to the latest version of Access Rights Manager, available from the SolarWinds Website.

CVE-2024-28990

CVE-2024-28991

APT32 SeaLotus aka OceanLotus Group – Active IOCs

North Korean Threat Actors Use New MISTPEN Malware to Target Energy and Aerospace Sectors – Active IOCs

Multiple SolarWinds Access Right Manager Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan