Solarwinds: >> Log & Event Manager >> 6.3.1 Security Vulnerabilities
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
CVSS Score
10.0
EPSS Score
0.499
Published
2017-04-12
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-04-10
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.027
Published
2017-04-10