Описание
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
Уязвимые конфигурации
Конфигурация 1Версия до 5.7.0 (включая)
Одно из
cpe:2.3:a:solarwinds:log_and_event_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.25447
Средний
7.5 High
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
EPSS
Процентиль: 96%
0.25447
Средний
7.5 High
CVSS2
Дефекты
CWE-255