VIR Vulnerability Intelligence Relay

CVE-2015-7838

critical
Published 2015-10-15 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.solarwinds.com/documentation/srm/docs/releasenotes/releasenotes.htm

Application impact
VendorProductVersionsFixed
solarwindsstorage_manager{"endIncluding":"6.1"}

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.