CVE-2024-28990 Information
Sep 13, 2024
cve
Description
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited this vulnerability would allow access to the RabbitMQ management console.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Reference
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28990 https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
6.3
Share on: