Vulnerability Description
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Appsync | < 3.5.0.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Oct/68Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/101626Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Oct/68Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/101626Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-14376?
CVE-2017-14376 is a vulnerability with a CVSS score of 7.8 (HIGH). EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.
How severe is CVE-2017-14376?
CVE-2017-14376 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14376?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Appsync.