CVE-2018-25272
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elba | ELBA5 | 5.8.0 | affected |
Weaknesses
- CWE-326: Inadequate Encryption Strength
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/45905
- https://www.elba.at
- https://www.vulncheck.com/advisories/elba5-remote-code-execution-via-database-access
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.