CVE-2024-28074

Summary

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.

Affected Software

VendorProductVersion RangeStatus
SolarWindsAccess Rights Managerprevious versions <= 2023.2.4affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References