What is CVE-2024-28075?

CVE-2024-28075 is a critical-severity vulnerability in Solarwinds Access Rights Manager, classified under Deserialization of Untrusted Data. CVSS score: 9.0/10. Published 2024-05-09.

How severe is CVE-2024-28075?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Is CVE-2024-28075 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Solarwinds Access Rights Manager

CVE-2024-28075

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day In…

Vulnerability class: Insecure Deserialization

EPSS: 0.736 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Solarwinds Access Rights Manager — versions previous versions

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

Frequently asked questions

What is CVE-2024-28075?: CVE-2024-28075 is a critical-severity vulnerability in Solarwinds Access Rights Manager, classified under Deserialization of Untrusted Data. CVSS score: 9.0/10. Published 2024-05-09.
How severe is CVE-2024-28075?: Critical severity. CVSS v3 base score is 9.0 out of 10.
Is CVE-2024-28075 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.