CVE-2018-6443
N/A
N/A
Summary
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Brocade Communications Systems, Inc. | Brocade Network Advisor | All versions prior to version 14.3.1 | affected |
Weaknesses
- Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743
- https://security.netapp.com/advisory/ntap-20190411-0005/
- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html
References
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743
- https://security.netapp.com/advisory/ntap-20190411-0005/
- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.