SolarWinds lem cmc Code Execution Vulnerability (CVE-2015-7839)
SolarWinds lem cmc Code Execution Vulnerability (CVE-2015-7839)
Release date:
Updated on:
Affected Systems:
SolarWinds Log & Event Manager <6.2.0
Description:
CVE (CAN) ID: CVE-2015-7839
SolarWinds Log & Event Manager is a security information and Event management solution.
SolarWinds Log and Event Manager (LEM) has a command injection security vulnerability that is located in a request for/services/messagebroker/nonsecurestreamingamf using the traceroute function, remote attackers can exploit this vulnerability to execute arbitrary code.
<* Source: vendor
Matt Molinyawe
Link: http://www.zerodayinitiative.com/advisories/ZDI-15-461/
*>
Suggestion:
Vendor patch:
SolarWinds
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm
This article permanently updates the link address: