CVE-2014-5504

SolarWinds Log and Event Manager < 6.0 - Remote Code Execution via Static Database Credentials

Title source: llm
STIX 2.1

Description

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-303/

Scores

EPSS 0.0539
EPSS Percentile 91.7%

Details

CWE
CWE-255
Status published
Products (5)
solarwinds/log_and_event_manager 5.2.0
solarwinds/log_and_event_manager 5.4.0
solarwinds/log_and_event_manager 5.5.0
solarwinds/log_and_event_manager 5.6.0
solarwinds/log_and_event_manager < 5.7.0
Published Sep 04, 2014
Tracked Since Feb 18, 2026