Neither were being used by attackers, but company urges users to update.
SolarWinds has issued a new version of its Access Rights Manager software to address a pair of security flaws.
According to The Hacker News, the vulnerability - tracked as CVE-2024-28991 - could be exploited to facilitate remote code execution. “Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed," said Trend Micro Zero Day Initiative researcher Piotr Bazyldo.
Fixes have also been provided for a medium-severity flaw, tracked as CVE-2024-28990, which could be leveraged to compromise the RabbitMQ management console.
While both vulnerabilities were noted by SolarWinds to not have been actively used by any threat operation, immediate application of ARM version 2024.3.1 has been urged.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
