CVE-2015-5371
SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.
La clase AuthenticationFilter en SolarWinds Storage Manager permite a atacantes remotos subir y ejecutar secuencias de comandos arbitrarias a través de vectores no especificados.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert the authentication filter. An attacker can leverage this vulnerability to upload malicious scripts that can then be used to execute code under the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-30 CVE Published
- 2015-07-06 CVE Reserved
- 2024-08-06 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/75515 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-275 | X_refsource_misc |
|
| - |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | Storage Manager Search vendor "Solarwinds" for product "Storage Manager" | - | - |
Affected
| ||||||