HIGH🇵🇱 Wersja polska

CVE-2015-2284

CVSS 10.0v2.0pub. 2015-03-24upd. 2026-05-06

userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Solarwinds Firewall Security Manager

    APP
    Solarwinds
    ≤ 6.6.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEFirewall
CWE
References

Related vulnerabilities

CVE-2025-40551CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia

CVE-2025-26399CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)

CVE-2024-28987CRITICAL9.1⚠ KEVPL ✓ten sam vendor

SolarWinds Web Help Desk – hardcoded credential umożliwia zdalny dostęp

CVE-2024-28986CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez Java Deserialization w SolarWinds Web Help Desk

CVE-2021-35211CRITICAL9.0⚠ KEVten sam vendor

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a ...