Vulnerabilities > CVE-2018-6443 - Credentials Management vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| id | EDB-ID:46887 |
| last seen | 2019-05-21 |
| modified | 2019-05-21 |
| published | 2019-05-21 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/46887 |
| title | Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/153035/brocadena1441-exec.txt |
| id | PACKETSTORM:153035 |
| last seen | 2019-05-24 |
| published | 2019-05-23 |
| reporter | Jakub Palaczynski |
| source | https://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html |
| title | Brocade Network Advisor 14.4.1 Unauthenticated Remote Code Execution |