The vulnerability of the ExecuteAction function in the SolarWinds Access Rights Manager allows a violator to execute arbitrary code.

The vulnerability of the ExecuteAction function in the SolarWinds Access Rights Manager software lies in the possibility of unreliable data being restored to memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteAction method. The issue results from the lack of proper...

[ H ] In executeAction function, ETH can remain stuck after reverting due to a failed call.

Lines of code Vulnerability details Impact If and when the executeAction function reverts at either of the checks, the amount of ETH sent along with the call will be locked in the contract forever, with no current measures of recovery. Proof of Concept executeAction is called, but the call fails ...

Ownership transfer not correctly handled for flash loans

Lines of code Vulnerability details Impact In response to a flashloan, proxyRegistry.getCurrentProxyowner is used to retrieve the correct user proxy and check that this proxy has initiated the flash loan. This can be problematic after ownership transfers of the proxy, where...