Skip to main content

Log Event Manager

3 CVEs product

Monthly

CVE-2017-7722 CRITICAL POC PATCH THREAT Act Now

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

Command Injection Log Event Manager
NVD
CVSS 3.0
10.0
EPSS
49.9%
Threat
5.0
CVE-2017-7647 HIGH PATCH This Week

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Log Event Manager
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2017-7646 MEDIUM PATCH This Month

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Log Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.8%
EPSS 50% 5.0 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

Command Injection Log Event Manager
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Log Event Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Log Event Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy