15 matches found
EUVD-2017-16652
Malware in sbrugna...
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability
The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...
CVE-2017-7722
In SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...
Default credentials
In SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...
CVE-2017-7722
In SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...
CVE-2017-7722
CVE-2017-7722 affects SolarWinds Log & Event Manager (LEM) versions before 6.3.1 Hotfix 4. The vulnerability resides in the restrictssh portion of the menuing script used when SSH is accessed with the default credentials (username: cmc, password). Exploitation can escape the restricted shell via ...
CVE-2017-7646
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
Command injection
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands...
CVE-2017-7646
SolarWinds Log & Event Manager (LEM) prior to 6.3.1 Hotfix 4 allows an authenticated user to browse the server filesystem and read arbitrary files. Risk details are not expanded beyond this description in the provided documents. Remediation: upgrade to 6.3.1 Hotfix 4 or newer where indicated.
CVE-2017-7646
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
CVE-2017-7647
SolarWinds Log & Event Manager (LEM) prior to 6.3.1 Hotfix 4 is affected by CVE-2017-7647, allowing an authenticated user to execute arbitrary commands. The issue is documented across multiple feeds (Red Hat, NVD, CNVD, Nessus plugin) with the core impact being remote command execution via an aut...
CVE-2015-7839
SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...
How to Diagnose Network Fault with Log & Event Manager
Diagnosing network fault is one of the toughest questions for an IT Pro to answer because there is no single or best way. IT infrastructures are multi-layered and integrate many different systems which makes identifying the cause of network fault a difficult task. At a high level, the process of...
Log and Event Manager now with File Integrity Monitoring
Security pros everywhere rely on SolarWinds Log & Event Manager for powerful, affordable, and efficient Security Information and Event Management SIEM. Our All-In-One SIEM combines log management, event correlation, visualization, reporting, File Integrity Monitoring, USB defense, SQL database...
SolarWinds Log & Event Manager for Log Management and SEIM Security
SolarWinds® Log & Event Manager LEM, a full-function Security & Information Event Management SIEM solution, delivers powerful log management capabilities in a highly affordable, easy-to-deploy virtual appliance. SolarWinds LEM combines real-time log analysis, event correlation, and a groundbreaki...