Lucene search
HistorySep 12, 2024 - 2:16 p.m.
CVE-2024-28991
solarwinds
access rights manager
arm
remote code execution
vulnerability
authenticated user
service abuse
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
Affected configurations
Node
solarwindsaccess_rights_managerRange<2024.3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | access_rights_manager | * | cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
cve
cve
CVE-2024-28991
2024-09-12 14:16:06
vulnrichment
vulnrichment
nessus
nessus
SolarWinds ARM 2024.3.1 Multiple Vulnerabilities (2024-3-1)
2024-09-18 00:00:00
thn
thn
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
2024-09-17 04:34:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
Related for NVD:CVE-2024-28991