CVE-2014-5504

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Log And Event Manager
Vendor: CVE Published:; 4 September 2014

Summary

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-303/

x_refsource_MISC

http://www.solarwinds.com/documentation/lem/docs/releasen...

x_refsource_CONFIRM

EPSS Score

93% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 4, 2014
Vulnerability Reserved
Aug 28, 2014