Header image

SolarWinds Issues Fixes For Flaws

Neither were being used by attackers, but company urges users to update.

SolarWinds has issued a new version of its Access Rights Manager software to address a pair of security flaws.

According to The Hacker News, the vulnerability - tracked as CVE-2024-28991 - could be exploited to facilitate remote code execution. “Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed," said Trend Micro Zero Day Initiative researcher Piotr Bazyldo.

Fixes have also been provided for a medium-severity flaw, tracked as CVE-2024-28990, which could be leveraged to compromise the RabbitMQ management console.

While both vulnerabilities were noted by SolarWinds to not have been actively used by any threat operation, immediate application of ARM version 2024.3.1 has been urged. 

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

24
Oct
Webinar

Securing Data in the Cloud: Advanced Strategies for Cloud Application Security

Discussing the current trends in cloud security, focusing on the challenges of hybrid environments

In this live webinar, join security specialists from OPSWAT to discuss the current trends in cloud security, focusing on the challenges of hybrid environments, including diminished visibility and weakened threat detection.

image image