Static Credential Vulnerability in SolarWinds Log and Event Manager
CVE-2014-5504

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Log And Event Manager
Vendor: CVE Published:; 4 September 2014

Summary

SolarWinds Log and Event Manager prior to version 6.0 contains a vulnerability due to the use of static credentials, exposing the database to unauthorized remote access. This flaw can be exploited by attackers, enabling them to execute arbitrary code through undisclosed vectors. Such access poses significant security risks, allowing for potential data breaches and system compromises.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-303/

x_refsource_MISC

http://www.solarwinds.com/documentation/lem/docs/releasen...

x_refsource_CONFIRM

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 4, 2014
Vulnerability Reserved
Aug 28, 2014