CVE-2018-6443

{"id": "CVE-2018-6443", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-01-22T17:29:00.300", "references": [{"url": "http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html", "source": "sirt@brocade.com"}, {"url": "https://security.netapp.com/advisory/ntap-20190411-0005/", "tags": ["Third Party Advisory"], "source": "sirt@brocade.com"}, {"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743", "tags": ["Third Party Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console."}, {"lang": "es", "value": "Una vulnerabilidad en Brocade Network Advisor Versions, en versiones anteriores a la 14.3.1, puede permitir a un usuario no autenticado iniciar sesi\u00f3n en la interfaz de JBoss Administration de un sistema afectado, utilizando las credenciales de un usuario no documentado e instalar aplicaciones JEE adicionales. Un usuario remoto no autenticado con acceso a librer\u00edas \"Network Advisor\" del cliente y capacitado para descifrar las credenciales de Jboss podr\u00eda obtener acceso a la consola web de Jboss."}], "lastModified": "2019-05-23T18:29:01.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "793B0730-EF5B-4CE7-AC4F-7839078D3384", "versionEndExcluding": "14.3.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:brocade_network_advisor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD0457F-30E5-4AD4-9281-8344CF2B009E"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}