File Browsing Vulnerability in SolarWinds Log & Event Manager
CVE-2017-7646

6.5MEDIUM

Key Information:

Vendor: Solarwinds
Status: Log \& Event Manager
Vendor: CVE Published:; 10 April 2017

Summary

An issue in SolarWinds Log & Event Manager before version 6.3.1 Hotfix 4 allows an authenticated user to inadvertently browse the server's filesystem. This flaw enables the retrieval of arbitrary files, potentially exposing sensitive data that could be exploited by attackers. Organizations using affected versions should prioritize upgrading their installations to mitigate this security risk.

References

https://thwack.solarwinds.com/thread/111223

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 10, 2017