CVE-2024-28990

Published: Sep 12, 2024Modified: Feb 26, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Affected (1)

Products: Solarwinds: Access Rights Manager

1 product

Access Rights Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Access Rights Manager	Before 2024.3.1

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28990

Source: psirt@solarwinds.com

Vendor Advisory

Timeline

No history available yet.