all InfoSec news
CVE-2022-38108: RCE in SolarWinds Network Performance Monitor
Zero Day Initiative - Blog www.zerodayinitiative.com
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hong and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the SolarWinds Network Performance Monitor. This bug was originally discovered and reported by ZDI Vulnerability Research Piotr Bazydło. The vulnerability results from the lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data. An authenticated attacker can leverage this vulnerability to execute …
blog post bug code code execution cve data deserialization justin micro miller monitor network performance rce remote code remote code execution report research result results service solarwinds team trend trend micro untrusted validation vulnerability vulnerability research zdi