SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

September 17, 2024 at 01:15AM SolarWinds released fixes for two security flaws in its Access Rights Manager (ARM) software. The critical vulnerability (CVE-2024-28991) with a 9.0 CVSS score allows remote code execution. A medium-severity flaw (CVE-2024-28990) was also addressed. Security researcher Piotr Bazydlo discovered the flaws, and updates to ARM version 2024.3.1 are recommended to …

SolarWinds Patches Critical Vulnerability in Access Rights Manager

September 16, 2024 at 05:27AM SolarWinds has released patches for two vulnerabilities in its Access Rights Manager, including a critical-severity bug (CVE-2024-28991) enabling remote code execution. A second issue (CVE-2024-28990) allows an attacker to access the RabbitMQ management console. Both were resolved in version 2024.3.1 and users are advised to update installations promptly. No exploitation in …

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager

July 19, 2024 at 07:01AM SolarWinds released security updates for Access Rights Manager, resolving 13 vulnerabilities, including eight critical-severity bugs. Six critical flaws could be exploited for remote code execution, while the remaining two could allow attackers to read and delete arbitrary files. Five high-severity issues were also addressed, impacting domain admin access and arbitrary …

SolarWinds fixes 8 critical bugs in access rights audit software

July 18, 2024 at 11:57AM SolarWinds addressed critical vulnerabilities in its Access Rights Manager software, including RCE and directory traversal flaws. These flaws could allow unprivileged attackers to execute code, delete files, and obtain sensitive information. The company released version 2024.3 with security fixes. SolarWinds has yet to confirm if exploits for the flaws are …

SolarWinds fixes critical RCE bugs in access rights audit solution

February 16, 2024 at 01:36PM SolarWinds patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities allowing unauthenticated exploitation. Four flaws were found and reported by researchers. The company also fixed three other critical RCE bugs in October. SolarWinds was charged with defrauding investors by failing …

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

October 20, 2023 at 04:34PM Eight critical vulnerabilities have been discovered in SolarWinds’ Access Rights Manager Tool, exposing unpatched systems to potential privilege escalation by attackers. The vulnerabilities range from allowing remote code execution to performing local privilege escalation. A new ARM version, 2023.2.1, has been released to fix the vulnerabilities, and SolarWinds clients are …

Critical RCE flaws found in SolarWinds access audit solution

October 20, 2023 at 11:06AM Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM), allowing attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the system. The vulnerabilities’ severity ratings are all …