Vulnerability Description
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brocade | Network Advisor | < 14.3.1 |
| Netapp | Brocade Network Advisor | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unaut
- https://security.netapp.com/advisory/ntap-20190411-0005/Third Party Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brThird Party Advisory
- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unaut
- https://security.netapp.com/advisory/ntap-20190411-0005/Third Party Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brThird Party Advisory
FAQ
What is CVE-2018-6443?
CVE-2018-6443 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocum...
How severe is CVE-2018-6443?
CVE-2018-6443 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6443?
Check the references section above for vendor advisories and patch information. Affected products include: Brocade Network Advisor, Netapp Brocade Network Advisor.