CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5504

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.254

EPSS Ranking 96.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm
http://www.zerodayinitiative.com/advisories/ZDI-14-303/
http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm
http://www.zerodayinitiative.com/advisories/ZDI-14-303/

Products affected by CVE-2014-5504

Solarwinds » Log And Event Manager » Version: Any

cpe:2.3:a:solarwinds:log_and_event_manager:*
Solarwinds » Log And Event Manager » Version: 5.2.0

cpe:2.3:a:solarwinds:log_and_event_manager:5.2.0
Solarwinds » Log And Event Manager » Version: 5.4.0

cpe:2.3:a:solarwinds:log_and_event_manager:5.4.0
Solarwinds » Log And Event Manager » Version: 5.5.0

cpe:2.3:a:solarwinds:log_and_event_manager:5.5.0
Solarwinds » Log And Event Manager » Version: 5.6.0

cpe:2.3:a:solarwinds:log_and_event_manager:5.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5504

Products

Pricing

Contact Us