CVE-2014-5504

critical

Description

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-303/

http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm

Details

Source: Mitre, NVD

Published: 2014-09-04

Updated: 2014-09-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics