CVE-2014-5504

Published: Sep 4, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.

Affected (5)

Products: Solarwinds: Log And Event Manager

Solarwinds

1 product

Log And Event Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Log And Event Manager	Up to 5.7.0
Solarwinds Log And Event Manager	Version 5.2.0
Solarwinds Log And Event Manager	Version 5.4.0
Solarwinds Log And Event Manager	Version 5.5.0
Solarwinds Log And Event Manager	Version 5.6.0

Related CWEs

CWE-255

References (4)

http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-14-303/

Source: cve@mitre.org

http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-14-303/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.