Short Name |
APP:SOLARWINDS-LOG-EVENT-MANAGR |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
SolarWinds Log and Event Manager Static Credentials |
Release Date |
2014/09/22 |
Update Number |
2421 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A policy bypass vulnerability exists in SolarWinds Log and Event Manager. A remote attacker can exploit this vulnerability to access the database with administrator privileges. Once accessed, the attacker can read and write information in the database.
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.