
SolarWinds flaw lets hackers bypass authentication and execute remote code





TLDR:

Key Points:

  • SolarWinds disclosed critical vulnerabilities in its Access Rights Manager platform, allowing attackers to bypass authentication and execute remote code.
  • The company released an update, Access Rights Manager 2024.3.1, to address these issues.

In a recent disclosure, SolarWinds revealed two vulnerabilities in its Access Rights Manager (ARM) platform, CVE-2024-28990 and CVE-2024-28991, which could allow attackers to bypass authentication and execute remote code. Piotr Bazydlo of the Trend Micro Zero Day Initiative responsibly disclosed these vulnerabilities, emphasizing the importance of collaboration between researchers and companies. SolarWinds has released an update, Access Rights Manager 2024.3.1, to patch the vulnerabilities and improve overall platform security.

The update includes several bug fixes, such as displaying correct account information, removing error messages, and ensuring proper workflow display. Organizations using SolarWinds ARM are advised to apply the update immediately to mitigate risks. Known issues during the update process, like configwizard errors, have been addressed with recommended workarounds. SolarWinds remains committed to security and transparency, highlighting the need for continuous vigilance, updates, and collaboration for a robust cybersecurity strategy.

