CVE-2014-5504
Published Sep 4, 2014
Last updated 10 years ago
Overview
- Description
- SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-255
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:log_and_event_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97D16E76-A32B-47DF-BB11-7404526FF1FA",
"versionEndIncluding": "5.7.0"
},
{
"criteria": "cpe:2.3:a:solarwinds:log_and_event_manager:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB5D00CB-0F36-45EC-B72A-51ACAC05B62C"
},
{
"criteria": "cpe:2.3:a:solarwinds:log_and_event_manager:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F2A977A-0A83-4672-9DCB-5C137B15AE64"
},
{
"criteria": "cpe:2.3:a:solarwinds:log_and_event_manager:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2098D634-C2F5-4DEF-86DB-483BF860D1CF"
},
{
"criteria": "cpe:2.3:a:solarwinds:log_and_event_manager:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F1B9FF2-BAA4-4FB6-940F-E08F5F380578"
}
],
"operator": "OR"
}
]
}
]