tags: solarwinds, enterprise_app, deserialization, java

original link: SolarWinds Security Event Manager AMF deserialization RCE (CVE-2024-0692)

newsletter link: exploits.club Weekly Newsletter 11

Exploits Club Summary:

If you aren’t a Chinese speaker, you may have to whip out Google Translate for this one. That said, this detailed write-up from @X1r0z documents the process of identifying the AMF Deserialization Vulnerability, and then walks through two different ways to leverage it into RCE. The bug was disclosed by ZDI on the 1st of this month.