Lucene search
HistorySep 04, 2014 - 5:55 p.m.
CVE-2014-5504
cve-2014-5504
solarwinds
log and event manager
vulnerability
database
arbitrary code
hypersql
7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.94 High
EPSS
Percentile
99.2%
SolarWinds Log and Event Manager before 6.0 uses “static” credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
Affected configurations
Node
solarwindslog_and_event_managerRange≤5.7.0
ORsolarwindslog_and_event_managerMatch5.2.0
ORsolarwindslog_and_event_managerMatch5.4.0
ORsolarwindslog_and_event_managerMatch5.5.0
ORsolarwindslog_and_event_managerMatch5.6.0
Related
zdi
zdi
prion
prion
Design/Logic Flaw
2014-09-04 17:55:00
cvelist
cvelist
CVE-2014-5504
2014-09-04 17:00:00
nessus
nessus
SolarWinds Log and Event Manager < 6.0.1 HyperSQL Remote Code Execution
2014-11-07 00:00:00
checkpoint_advisories
checkpoint_advisories
SolarWinds Log and Event Manager Static Credentials (CVE-2014-5504)
2014-09-30 00:00:00
nvd
nvd
CVE-2014-5504
2014-09-04 17:55:08
7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.94 High
EPSS
Percentile
99.2%
Related for CVE-2014-5504