Nate Kettlewell

**Name of the Vulnerable Software and Affected Versions** SolarWinds Virtualization Manager versions 6.3.1 and earlier **Description** The issue exists due to weak encryption used for storing passwords. This allows a local attacker to obtain user passwords using a brute force attack. The estimated number of potentially affected devices is not specified. **Recommendations** For SolarWinds Virtualization Manager versions 6.3.1 and earlier, consider restricting access to the `/etc/shadow` file to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit local user privileges with superuser access to reduce the potential for brute force attacks on stored passwords.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Virtualization Manager versions 6.3.1 and earlier **Description** The issue is related to the RMI component of the SolarWinds Virtualization Manager, which is vulnerable to deserialization of untrusted data. This can be exploited by a remote attacker using a specially crafted serialized Java object, potentially allowing the execution of arbitrary commands. The vulnerability is related to the Apache Commons Collections (ACC) library. **Recommendations** For SolarWinds Virtualization Manager versions 6.3.1 and earlier, consider disabling the RMI service as a temporary workaround until a patch is available. Restrict access to the RMI component to minimize the risk of exploitation. Avoid using the vulnerable RMI service in the affected SolarWinds Virtualization Manager versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Virtualization Manager versions 6.3.1 and earlier **Description** The issue is related to a misconfiguration of `sudo` in SolarWinds Virtualization Manager, which can be exploited by a local attacker to gain elevated privileges. This can be demonstrated by executing commands such as `sudo cat /etc/passwd`. **Recommendations** For SolarWinds Virtualization Manager versions 6.3.1 and earlier, correct the `sudo` misconfiguration to prevent privilege escalation. Ensure that `sudo` is properly configured to restrict unauthorized access to sensitive files and commands.

**Name of the Vulnerable Software and Affected Versions** Infoblox NetMRI versions prior to 6.8.5 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `skipjackUsername` parameter in the `config/userAdmin/login.tdf` file. **Recommendations** For versions prior to 6.8.5, update to version 6.8.5 or later to resolve the issue.