PT-2014-6500 · Hsql Development+1 · Hypersql+1
G. Geshev
·
Publicado
2014-09-03
·
Atualizado
2014-09-08
·
CVE-2014-5504
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SolarWinds Log and Event Manager versions prior to 6.0
Description
The issue allows remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. This is due to the use of static credentials.
Recommendations
For versions prior to 6.0, update to version 6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hypersql
Solarwinds Log & Event Manager