Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:SOLARWINDS-LOG-EVENT-MANAGR |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
SolarWinds Log and Event Manager Static Credentials |
Release Date |
2014/09/22 |
Update Number |
2421 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: SolarWinds Log and Event Manager Static Credentials
A policy bypass vulnerability exists in SolarWinds Log and Event Manager. A remote attacker can exploit this vulnerability to access the database with administrator privileges. Once accessed, the attacker can read and write information in the database.
Extended Description
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
Affected Products
- Solarwinds log_and_event_manager 5.2.0
- Solarwinds log_and_event_manager 5.4.0
- Solarwinds log_and_event_manager 5.5.0
- Solarwinds log_and_event_manager 5.6.0
- Solarwinds log_and_event_manager 5.7.0
References
- CVE: CVE-2014-5504