SolarWinds ARM Hardcoded Creds Auth Bypass & Deserialization RCE (CVE-2024-28990/28991)

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. **Vulnerability IDs and Descriptions**: - **CVE-2024-28990**: SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability. - **CVE-2024-28991**: SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability. 2. **Vulnerability Severity**: - **CVE-2024-28990**: Medium. - **CVE-2024-28991**: Critical. 3. **Vulnerability Descriptions**: - **CVE-2024-28990**: SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. - **CVE-2024-28991**: SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. 4. **Vulnerability Discoverers**: - **CVE-2024-28990**: Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative. - **CVE-2024-28991**: Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative. This information provides a detailed overview of two known vulnerabilities, including their IDs, severity levels, descriptions, and the individuals who discovered them.

Goal Reached Thanks to every supporter — we hit 100%!

SolarWinds ARM Hardcoded Creds Auth Bypass & Deserialization RCE (CVE-2024-28990/28991)