📦

log_\&_event_manager

Vendor: solarwinds

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 2 Remote Access

Total CVEs 51 Total Indexed

Avg. EPSS 17.81% Exploit Prob.

Latest CVE CVE-2017-7722 Apr 12

Security Vulnerability Index

Page 1 / 6

10.0 CVSS

CVE-2017-7722

RCE

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.

EPSS: 49.94%

Severity: CRITICAL

Apr 12, 2017

8.8 CVSS

CVE-2017-7647

RCE

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.

EPSS: 2.65%

Severity: HIGH

Apr 10, 2017

6.5 CVSS

CVE-2017-7646

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.

EPSS: 0.83%

Severity: MEDIUM

Apr 10, 2017

Displaying 3 of 51 Total Entries

1 2 3 4 5 ... 6

Total 6 Sections