Remote Code Execution Vulnerability in SolarWinds Log and Event Manager
CVE-2015-7840

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Log And Event Manager
Vendor: CVE Published:; 15 October 2015

Summary

The command line management console (CMC) of SolarWinds Log and Event Manager (LEM) versions prior to 6.2.0 is susceptible to a vulnerability that allows remote attackers to execute arbitrary code. This exploit can be triggered through unspecified methods involving the ping feature, posing a significant risk to the integrity and confidentiality of the affected systems.

References

https://security.gentoo.org/glsa/201603-11

vendor-advisoryx_refsource_GENTOO

http://www.solarwinds.com/documentation/lem/docs/releasen...

x_refsource_CONFIRM

EPSS Score

36% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 15, 2015
Vulnerability Reserved
Oct 15, 2015