CVE-2014-5504

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:solarwinds:log_and_event_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:log_and_event_manager:5.6.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:12

Type Values Removed Values Added
References () http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm - () http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm -
References () http://www.zerodayinitiative.com/advisories/ZDI-14-303/ - () http://www.zerodayinitiative.com/advisories/ZDI-14-303/ -

Information

Published : 2014-09-04 17:55

Updated : 2024-11-21 02:12


NVD link : CVE-2014-5504

Mitre link : CVE-2014-5504

CVE.ORG link : CVE-2014-5504


JSON object : View

Products Affected

solarwinds

  • log_and_event_manager
CWE
CWE-255

Credentials Management Errors