Critical Vulnerabilities Discovered in SolarWinds Access Rights Manager

Written by

SolarWinds, a leading IT management software provider, has recently disclosed two significant vulnerabilities, CVE-2024-28990 and CVE-2024-28991, in its Access Rights Manager (ARM) platform. These vulnerabilities pose serious risks, allowing attackers to bypass authentication and execute remote cod.

CVE-2024-28990: Hardcoded credentials allow attackers to access the RabbitMQ management console.
CVE-2024-28991: Remote code execution through deserialization of untrusted data.

A service update, ARM 2024.3.1, has been released, addressing these vulnerabilities alongside several bug fixes. SolarWinds emphasizes the importance of timely patching to mitigate enterprise risks.

CVE-2025-24813: Unauthenticated RCE in Apache Tomcat – PoC Released

May 31, 2025
FortiVoice Zero-Day Vulnerability (CVE-2025-32756) Exploited in the Wild

May 23, 2025
CVE-2025-0133: Palo Alto Networks GlobalProtect XSS Vulnerability

May 23, 2025
CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild

April 27, 2025

Critical Vulnerabilities Discovered in SolarWinds Access Rights Manager

More posts

CVE-2025-24813: Unauthenticated RCE in Apache Tomcat – PoC Released

FortiVoice Zero-Day Vulnerability (CVE-2025-32756) Exploited in the Wild

CVE-2025-0133: Palo Alto Networks GlobalProtect XSS Vulnerability

CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild