CVE-2024-28074

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-502
View all →

Vulnerability Description

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.

Related Vulnerabilities

CVE-2016-10753

HIGH
CVSS:8.8(High)

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

CWE-5022016

CVE-2016-1487

HIGH
CVSS:8.8(High)

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

CWE-5022016

CVE-2016-4398

HIGH
CVSS:8.8(High)

A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.

CWE-5022016

CVE-2016-4405

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26

CWE-5022016

CVE-2016-7065

HIGH
CVSS:8.8(High)

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serializ...

CWE-5022016

CVE-2016-8744

HIGH
CVSS:8.8(High)

Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration ...

CWE-5022016