VYPR

Log And Event Manager

by SolarWinds

CVEs (5)

  • CVE-2017-5199HigMar 24, 2017
    risk 0.57cvss 8.8epss 0.03

    The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.

  • CVE-2017-5198HigMar 24, 2017
    risk 0.57cvss 8.8epss 0.01

    SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.

  • CVE-2015-7839Oct 15, 2015
    risk 0.01cvss epss 0.07

    SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.

  • CVE-2015-7840Oct 15, 2015
    risk 0.00cvss epss 0.04

    The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature.

  • CVE-2014-5504Sep 4, 2014
    risk 0.00cvss epss 0.05

    SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.