CVE-2018-15808 - OpenCVE

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Posim	Evo

Configuration 1 [-]

cpe:2.3:a:posim:evo:15.13:*:*:*:*:windows:*:*

References

Link	Resource
https://versprite.com/advisories/posim-evo-for-windows-2/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:22:24

Updated: 2022-10-03T16:22:24

Reserved: 2022-10-03T00:00:00

Link: CVE-2018-15808

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-23T20:29:00.433

Modified: 2018-10-26T12:18:33.217

Link: CVE-2018-15808

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:posim:evo:15.13:*:*:*:*:windows:*:*", "matchCriteriaId": "437D50A3-E019-4329-AD9E-8404A49DB5D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "POSIM EVO 15.13 for Windows includes hardcoded database credentials for the \"root\" database user. \"root\" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients."}, {"lang": "es", "value": "POSIM EVO 15.13 para Windows incluye credenciales de base de datos codificadas para el usuario \"root\" de la base de datos. El acceso \"root\" a la base de datos de POSIM EVO puede resultar en una violaci\u00f3n de la confidencialidad, integridad o disponibilidad o permitir que los atacantes ejecuten el c\u00f3digo de forma remota en clientes POSIM EVO asociados."}], "id": "CVE-2018-15808", "lastModified": "2018-10-26T12:18:33.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-23T20:29:00.433", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://versprite.com/advisories/posim-evo-for-windows-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}