Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds log and event manager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-5504
SolarWinds Log and Event Manager prior to 6.0 uses "static" credentials, which makes it easier for remote malicious users to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
Solarwinds Log And Event Manager
Solarwinds Log And Event Manager 5.6.0
Solarwinds Log And Event Manager 5.5.0
Solarwinds Log And Event Manager 5.2.0
Solarwinds Log And Event Manager 5.4.0
7.5
CVSSv2
CVE-2015-7840
The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) prior to 6.2.0 allows remote malicious users to execute arbitrary code via unspecified vectors involving the ping feature.
Solarwinds Log And Event Manager
7.2
CVSSv2
CVE-2017-5198
SolarWinds LEM (aka SIEM) prior to 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.
Solarwinds Log And Event Manager
7.5
CVSSv2
CVE-2015-7839
SolarWinds Log and Event Manager (LEM) allows remote malicious users to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.
Solarwinds Log And Event Manager
6.5
CVSSv2
CVE-2017-5199
The editbanner feature in SolarWinds LEM (aka SIEM) up to and including 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.
Solarwinds Log And Event Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started