Remote Code Execution Vulnerability in SolarWinds Log and Event Manager
CVE-2015-7840

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Log And Event Manager
Vendor: CVE Published:; 15 October 2015

What is CVE-2015-7840?

The command line management console (CMC) of SolarWinds Log and Event Manager (LEM) versions prior to 6.2.0 is susceptible to a vulnerability that allows remote attackers to execute arbitrary code. This exploit can be triggered through unspecified methods involving the ping feature, posing a significant risk to the integrity and confidentiality of the affected systems.

References

https://security.gentoo.org/glsa/201603-11

vendor-advisoryx_refsource_GENTOO

http://www.solarwinds.com/documentation/lem/docs/releasen...

x_refsource_CONFIRM

EPSS Score

19% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2015
Vulnerability Reserved
Oct 15, 2015

Solarwinds

What is CVE-2015-7840?

References

EPSS Score

Timeline