all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-38108: RCE in SolarWinds Network Performance Monitor

Add to bookmarks
Feb. 28, 2023, 4:40 p.m. | Trend Micro Research Team

Zero Day Initiative - Blog www.zerodayinitiative.com

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hong and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the SolarWinds Network Performance Monitor. This bug was originally discovered and reported by ZDI Vulnerability Research Piotr Bazydło. The vulnerability results from the lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data. An authenticated attacker can leverage this vulnerability to execute …

blog post bug code code execution cve data deserialization justin micro miller monitor network performance rce remote code remote code execution report research result results service solarwinds team trend trend micro untrusted validation vulnerability vulnerability research zdi

Visit resource

More from www.zerodayinitiative.com / Zero Day Initiative - Blog

CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 2 weeks, 1 day ago | www.zerodayinitiative.com
amp blog post bug code +25
The April 2024 Security Updates Review 3 weeks, 1 day ago | www.zerodayinitiative.com
adobe april blog post can +12
Pwn2Own Vancouver 2024 - Day Two Results 1 month, 1 week ago | www.zerodayinitiative.com
blog post chrome edge event +10
Pwn2Own Vancouver 2024 - Day One Results 1 month, 1 week ago | www.zerodayinitiative.com
blog blog post browser day one +11
Pwn2Own Vancouver 2024 - The Full Schedule 1 month, 1 week ago | www.zerodayinitiative.com
blog post
The March 2024 Security Update Review 1 month, 2 weeks ago | www.zerodayinitiative.com
adobe blog post can check +14
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability 1 month, 3 weeks ago | www.zerodayinitiative.com
arbitrary file write blog post bug crlf injection +26
The February 2024 Security Update Review 2 months, 2 weeks ago | www.zerodayinitiative.com
adobe blog post february latest +11
CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability 2 months, 3 weeks ago | www.zerodayinitiative.com
avalanche blog post code code execution +32

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs