Solarwinds Log Event Manager vulnerabilities
3 known vulnerabilities affecting solarwinds/log_event_manager.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2017-7722P2CRITICALCVSS 10.0PoCv6.3.12017-04-12
CVE-2017-7722 [CRITICAL] CWE-77 CVE-2017-7722: In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
nvd
CVE-2017-7647P3HIGHCVSS 8.8≤ 6.3.12017-04-10
CVE-2017-7647 [HIGH] CVE-2017-7647: SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute a
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
nvd
CVE-2017-7646P3MEDIUMCVSS 6.5≤ 6.3.12017-04-10
CVE-2017-7646 [MEDIUM] CWE-200 CVE-2017-7646: SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse th
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
nvd