File Upload Vulnerability in SolarWinds Storage Manager
CVE-2015-7838

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Storage Manager
Vendor: CVE Published:; 15 October 2015

Summary

The vulnerability in SolarWinds Storage Manager allows remote attackers to exploit the ProcessFileUpload.jsp file to upload and execute arbitrary files. This vulnerability is particularly concerning as it can potentially give attackers the ability to run malicious code on the affected systems, leading to unauthorized access and data breaches. Users are recommended to update to version 6.2 or later to mitigate the risk associated with this issue.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-460

x_refsource_MISC

http://www.solarwinds.com/documentation/srm/docs/releasen...

x_refsource_CONFIRM

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 15, 2015