|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-04-16 | |
| Rule Name: | Solarwinds Log and Event Manager Static Credentials Information Disclosure Vulnerability -2 (CVE-2014-5504) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Other Unix, Linux | |
| Reference: | http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm ZeroDayInitiative:ZDI-14-303 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm |