CVE-2016-5709
https://notcve.org/view.php?id=CVE-2016-5709
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.
• http://packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html
• http://seclists.org/fulldisclosure/2016/Jun/38
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-3642 – Solarwinds Virtualization Manager 6.3.1 Java Deserialization
https://notcve.org/view.php?id=CVE-2016-3642
The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. SolarWinds Virtualization Manager versions 6.3.1 and below suffer from a Java deserialization vulnerability.
• http://packetstormsecurity.com/files/137486/Solarwinds-Virtualization-Manager-6.3.1-Java-Deserialization.html
• http://seclists.org/fulldisclosure/2016/Jun/25
• http://seclists.org/fulldisclosure/2016/Jun/29
CVE-2016-3643 – SolarWinds Virtualization Manager Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3643
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd". SolarWinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration of sudo. SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.
• https://www.exploit-db.com/exploits/39967
• http://packetstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2016/Jun/26
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-2163
https://notcve.org/view.php?id=CVE-2011-2163
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.
• http://www-01.ibm.com/support/docview.wss?uid=nas7057acf6c8f05fa568625787e0059fb36
• http://www.vupen.com/english/advisories/2011/1256
• https://exchange.xforce.ibmcloud.com/vulnerabilities/67516