{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-097.pdf"
    },
    "title": "Vulnerabilities in SolarWinds Access Rights Manager",
    "serial_number": "2024-097",
    "publish_date": "16-09-2024 12:05:24",
    "description": "On September 12, 2024, SolarWinds released several advisories addressing two critical vulnerabilities in SolarWinds Access Rights Manager (ARM). These vulnerabilities, if exploited, could lead to authenticated remote code execution and authentication bypass [2].",
    "url_title": "2024-097",
    "content_markdown": "---\ntitle: 'Vulnerabilities in SolarWinds Access Rights Manager'\nnumber: '2024-097'\nversion: '1.0'\noriginal_date: '2024-09-12'\ndate: '2024-09-16'\n---\n\n_History:_\n\n* _16/09/2024 --- v1.0 -- Initial publication_\n\n\n# Summary\n\nOn September 12, 2024, SolarWinds released several advisories addressing two critical vulnerabilities in SolarWinds Access Rights Manager (ARM). These vulnerabilities, if exploited, could lead to authenticated remote code execution and authentication bypass [1][2].\n\n# Technical Details\n\nThe vulnerability **CVE-2024-28990**, with a CVSS score of 6.3, is a hard-coded credential authentication bypass flaw. If exploited, this vulnerability would allow access to the RabbitMQ management console.\n\nThe vulnerability **CVE-2024-28991**, with a CVSS score of 9.0, is a deserialisation of untrusted data flaw that, if exploited, could lead to remote code execution on the affected server.\n\n# Affected Products\n\nThese vulnerabilities affect SolarWinds Access Rights Manager (ARM) before version 2024.3.1 (fixed release).\n\n# Recommendations\n\nCERT-EU strongly recommends updating software installations to a fixed version [1][2].\n\n# References\n\n[1] <https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28990>\n\n[2] <https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28991>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>16/09/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 12, 2024, SolarWinds released several advisories addressing two critical vulnerabilities in SolarWinds Access Rights Manager (ARM). These vulnerabilities, if exploited, could lead to authenticated remote code execution and authentication bypass [1][2].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-28990</strong>, with a CVSS score of 6.3, is a hard-coded credential authentication bypass flaw. If exploited, this vulnerability would allow access to the RabbitMQ management console.</p><p>The vulnerability <strong>CVE-2024-28991</strong>, with a CVSS score of 9.0, is a deserialisation of untrusted data flaw that, if exploited, could lead to remote code execution on the affected server.</p><h2 id=\"affected-products\">Affected Products</h2><p>These vulnerabilities affect SolarWinds Access Rights Manager (ARM) before version 2024.3.1 (fixed release).</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating software installations to a fixed version [1][2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28990\">https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28990</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28991\">https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28991</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}