Neither were being used by attackers, but company urges users to update.
SolarWinds has issued a new version of its Access Rights Manager software to address a pair of security flaws.
According to The Hacker News, the vulnerability - tracked as CVE-2024-28991 - could be exploited to facilitate remote code execution. “Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed," said Trend Micro Zero Day Initiative researcher Piotr Bazyldo.
Fixes have also been provided for a medium-severity flaw, tracked as CVE-2024-28990, which could be leveraged to compromise the RabbitMQ management console.
While both vulnerabilities were noted by SolarWinds to not have been actively used by any threat operation, immediate application of ARM version 2024.3.1 has been urged.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
