CVE-2018-1206

{"id": "CVE-2018-1206", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-03-12T17:29:00.237", "references": [{"url": "http://seclists.org/fulldisclosure/2018/Mar/22", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/103376", "tags": ["VDB Entry", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1040484", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is \"apollosuperuser.\" An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account."}, {"lang": "es", "value": "Dell EMC Data Protection Advisor, en versiones anteriores a la 6.3 Patch 159 y Dell EMC Data Protection Advisor, en versiones anteriores a la 6.4 Patch 110, contienen una cuenta de base de datos embebida con privilegios de administrador. La cuenta afectada es \"apollosuperuser\". Un atacante con acceso local al servidor en el que est\u00e1 instalado DPA Datastore Service y que conozca la contrase\u00f1a podr\u00eda obtener acceso no autorizado a la base de datos. Nota: no se puede acceder de forma remota a la base de datos Datastore Service mediante esta cuenta."}], "lastModified": "2018-04-13T14:51:15.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:data_protection_advisor:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF0EB8B-2808-4853-BF33-F8BA3115E772"}, {"criteria": "cpe:2.3:a:emc:data_protection_advisor:6.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "487958A0-C038-47D0-A977-15A0F63F1626"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}