CVE-2024-28074 – SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-28074
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-502: Deserialization of Untrusted Data •
CVE-2024-23467 – SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23467
This vulnerability allows an unauthenticated user to perform remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-23466 – SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23466
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-23469 – SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23469
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-20: Improper Input Validation •
CVE-2024-31411 – Apache StreamPipes: Potential remote code execution (RCE) via file upload
https://notcve.org/view.php?id=CVE-2024-31411
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. • https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt • CWE-434: Unrestricted Upload of File with Dangerous Type •