SolarWinds ARM Hardcoded Credential Bypass Enables RabbitMQ Console Access
CVE-2024-28990 Published on September 12, 2024

SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Products Associated with CVE-2024-28990

Want to know whenever a new CVE is published for SolarWinds Access Rights Manager? stack.watch will email you.

SolarWinds Access Rights Manager

Affected Versions

SolarWinds Access Rights Manager:

Version previous versions, <= 2024.3 is affected.

Exploit Probability

EPSS

0.03%

Percentile

7.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.