CVE-2018-1206

Published: Mar 12, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.

Affected (2)

Products: Emc: Data Protection Advisor

1 product

Data Protection Advisor

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emc Data Protection Advisor	Version 6.3.0
Emc Data Protection Advisor	Version 6.4.0

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

http://seclists.org/fulldisclosure/2018/Mar/22

Source: security_alert@emc.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/103376

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040484

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Mar/22

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/103376

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040484

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.