CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5709 – Solarwinds Virtualization Manager 6.3.1 Weak Crypto
https://notcve.org/view.php?id=CVE-2016-5709
17 Jun 2016 — SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. SolarWinds Virtualization Manager 6.3.1 y versiones anteriores, utiliza un cifrado débil para almacenar contraseñas en /etc/shadow, lo que permite a usuarios locales con privilegios de superusuario obtener contraseñas de usuarios a través de un ataque de fuerza bruta. Solarwinds Virtualization Manager... • http://packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 7%CPEs: 1EXPL: 3CVE-2016-3643 – SolarWinds Virtualization Manager Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3643
15 Jun 2016 — SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." SolarWinds Virtualization Manager 6.3.1 y versiones anteriores permite a usuarios locales obtener privilegios aprovechando una mala configuración de sudo, según lo demostrado por "sudo cat /etc/passwd". Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration o... • https://packetstorm.news/files/id/137487 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 23%CPEs: 1EXPL: 2CVE-2016-3642 – Solarwinds Virtualization Manager 6.3.1 Java Deserialization
https://notcve.org/view.php?id=CVE-2016-3642
15 Jun 2016 — The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El servicio RMI en SolarWinds Virtualization Manager 6.3.1 y versiones anteriores permite a atacantes ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). Solarwinds Virtualization Manager versions 6.3.... • https://packetstorm.news/files/id/137486 •