Headline

CVE-2022-31219

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a “repair” operation on the product.

2 years ago

CVE

Open in Source

#vulnerability #pdf

%PDF-1.7 %�� 1 0 obj <>/Metadata 741 0 R/ViewerPreferences 742 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 842.04] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��\Ko��~?�jF�$�vV@��ZV�`i�Q��hę��(��Ǜ��?�t��m��O�z��ys��

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.