CVE-2018-6443
moderate-risk
Published 2019-01-22
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
Do I need to act?
~
7.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (2)
Brocade Network Advisor
References (6)
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190411-0005/
Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/br...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190411-0005/
Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/br...
48
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
17/34 · Moderate
Exposure
7/34 · Low