CVE-2018-6443
First published: Tue Jan 22 2019(Updated: )
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Brocade Network Advisor | <14.3.1 | |
| Netapp Brocade Network Advisor |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2018-6443.
What is the severity level of CVE-2018-6443?
The severity level of CVE-2018-6443 is high, with a CVSS score of 8.1.
Which software versions are affected by CVE-2018-6443?
Brocade Network Advisor versions before 14.3.1 and Netapp Brocade Network Advisor are affected by CVE-2018-6443.
How can an attacker exploit CVE-2018-6443?
An unauthenticated, remote attacker can exploit CVE-2018-6443 by logging in to the JBoss Administration interface of an affected system using undocumented user credentials and installing additional JEE applications.
Is there a fix available for CVE-2018-6443?
Yes, users should upgrade to Brocade Network Advisor version 14.3.1 or later to fix CVE-2018-6443.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/brocade
- canonical/brocade network advisor
- vendor/netapp
- canonical/netapp brocade network advisor