May 15, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 9.9. The following CVEs are assigned: CVE-2024-28075.

access access rights arbitrary code attackers authentication can code code execution cves cvss data deserialization exploit manager mechanism rating remote code remote code execution rights solarwinds solarwinds access rights manager untrusted vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

Sr. Product Manager

@ MixMode | Remote, US

Information Security Engineers

@ D. E. Shaw Research | New York City

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Cyber Security Specialist

@ Ball Corporation | SAO JOSE DOS CAMPOS, São Paulo, BR, 12242-000

Cybersecurity Strategy & Data Systems Manager

@ Mitsubishi Heavy Industries | Orlando, FL, US, 32809