File Browsing Vulnerability in SolarWinds Log & Event Manager
CVE-2017-7646

6.5MEDIUM

Key Information:

Vendor: Solarwinds
Status: Log \& Event Manager
Vendor: CVE Published:; 10 April 2017

What is CVE-2017-7646?

An issue in SolarWinds Log & Event Manager before version 6.3.1 Hotfix 4 allows an authenticated user to inadvertently browse the server's filesystem. This flaw enables the retrieval of arbitrary files, potentially exposing sensitive data that could be exploited by attackers. Organizations using affected versions should prioritize upgrading their installations to mitigate this security risk.

References

https://thwack.solarwinds.com/thread/111223

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 10, 2017

Solarwinds

What is CVE-2017-7646?

References

CVSS V3.1

Timeline