Gary Blosser

**Name of the Vulnerable Software and Affected Versions** SolarWinds N-Able N-Central versions prior to 9.5.1.4514 **Description** The issue allows remote authenticated users to obtain the cleartext domain-administrator password. This is possible because the RSM service uses the same password decryption key across different customers' installations. An attacker can locate the encrypted password within HTML source code and then use knowledge of this key from another installation to obtain the password. **Recommendations** For versions prior to 9.5.1.4514, update to version 9.5.1.4514 or later to resolve the issue. As a temporary workaround, consider restricting access to the RSM service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell PowerConnect 6248P (affected versions not specified) **Description** The issue concerns a denial of service that can cause a device crash. This can be triggered by remote attackers sending a malformed request to the web interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.