CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5198
https://notcve.org/view.php?id=CVE-2017-5198
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. SolarWinds LEM (también conocido como SIEM) en versiones anteriores a 6.3.1 tiene una configuración sudo incorrecta, lo que permite a usuarios locales obtener acceso root editando /usr/local/contego/scripts/hostname.sh. • http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html http://www.securityfocus.com/bid/97094 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5199
https://notcve.org/view.php?id=CVE-2017-5199
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. La característica editbanner en SolarWinds LEM (también conocido como SIEM) hasta la versión 6.3.1 permite a usuarios remotos autenticados ejecutar código arbitrario editando /usr/local/contego/scripts/mgrconfig.pl. • http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html http://www.securityfocus.com/bid/97090 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-7840
https://notcve.org/view.php?id=CVE-2015-7840
The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. La consola de administración de linea de comandos (CMC) en SolarWinds Log y Event Manager (LEM) en versiones anteriores a 6.2.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados involucrando la funcionalidad ping. • http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm https://security.gentoo.org/glsa/201603-11 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 94%CPEs: 5EXPL: 0CVE-2014-5504 – SolarWinds Log and Event Manager Static Credential Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-5504
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. SolarWinds Log And Event Manager anterior a 6.0 utiliza credenciales 'estáticas', lo que facilita a atacantes remotos obtener acceso a la base de datos y ejecutar código arbitrario a través de vectores no especificados, relacionado con HyperSQL. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Log and Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the usage of HyperSQL. The issue lies in the usage of static credentials to access the database. • http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm http://www.zerodayinitiative.com/advisories/ZDI-14-303 • CWE-255: Credentials Management Errors •