CVE-2014-5504
SolarWinds Log and Event Manager < 6.0 - Remote Code Execution via Static Database Credentials
Title source: llmDescription
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-303/
Various Sources x_refsource_confirm
http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm
Scores
EPSS
0.2545
EPSS Percentile
96.3%
Details
CWE
CWE-255
Status
published
Products (5)
solarwinds/log_and_event_manager
5.2.0
solarwinds/log_and_event_manager
5.4.0
solarwinds/log_and_event_manager
5.5.0
solarwinds/log_and_event_manager
5.6.0
solarwinds/log_and_event_manager
< 5.7.0
Published
Sep 04, 2014
Tracked Since
Feb 18, 2026