CVE-2016-5709
https://notcve.org/view.php?id=CVE-2016-5709
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. SolarWinds Virtualization Manager 6.3.1 y versiones anteriores, utiliza un cifrado débil para almacenar contraseñas en /etc/shadow, lo que permite a usuarios locales con privilegios de superusuario obtener contraseñas de usuarios a través de un ataque de fuerza bruta. • http://packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html http://seclists.org/fulldisclosure/2016/Jun/38 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3642 – Solarwinds Virtualization Manager 6.3.1 Java Deserialization
https://notcve.org/view.php?id=CVE-2016-3642
The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El servicio RMI en SolarWinds Virtualization Manager 6.3.1 y versiones anteriores permite a atacantes ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a java deserialization vulnerability. • http://packetstormsecurity.com/files/137486/Solarwinds-Virtualization-Manager-6.3.1-Java-Deserialization.html http://seclists.org/fulldisclosure/2016/Jun/25 http://seclists.org/fulldisclosure/2016/Jun/29 •
CVE-2016-3643 – SolarWinds Virtualization Manager Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3643
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." SolarWinds Virtualization Manager 6.3.1 y versiones anteriores permite a usuarios locales obtener privilegios aprovechando una mala configuración de sudo, según lo demostrado por "sudo cat /etc/passwd". Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration of sudo. SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo. • https://www.exploit-db.com/exploits/39967 http://packetstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.html http://seclists.org/fulldisclosure/2016/Jun/26 • CWE-264: Permissions, Privileges, and Access Controls •