CVE-2018-15808 - OpenCVE

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Posim	Evo

Configuration 1 [-]

cpe:2.3:a:posim:evo:15.13:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://versprite.com/advisories/posim-evo-for-windows-2/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-23T20:00:00Z

Updated: 2024-09-16T19:15:24.745Z

Reserved: 2018-08-23T00:00:00Z

Link: CVE-2018-15808

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-08-23T20:29:00.433

Modified: 2018-10-26T12:18:33.217

Link: CVE-2018-15808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "POSIM EVO 15.13 for Windows includes hardcoded database credentials for the \"root\" database user. \"root\" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-23T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://versprite.com/advisories/posim-evo-for-windows-2/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "POSIM EVO 15.13 for Windows includes hardcoded database credentials for the \"root\" database user. \"root\" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://versprite.com/advisories/posim-evo-for-windows-2/", "refsource": "MISC", "url": "https://versprite.com/advisories/posim-evo-for-windows-2/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:01:54.583Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://versprite.com/advisories/posim-evo-for-windows-2/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15808", "datePublished": "2018-08-23T20:00:00Z", "dateReserved": "2018-08-23T00:00:00Z", "dateUpdated": "2024-09-16T19:15:24.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:posim:evo:15.13:*:*:*:*:windows:*:*", "matchCriteriaId": "437D50A3-E019-4329-AD9E-8404A49DB5D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "POSIM EVO 15.13 for Windows includes hardcoded database credentials for the \"root\" database user. \"root\" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients."}, {"lang": "es", "value": "POSIM EVO 15.13 para Windows incluye credenciales de base de datos codificadas para el usuario \"root\" de la base de datos. El acceso \"root\" a la base de datos de POSIM EVO puede resultar en una violaci\u00f3n de la confidencialidad, integridad o disponibilidad o permitir que los atacantes ejecuten el c\u00f3digo de forma remota en clientes POSIM EVO asociados."}], "id": "CVE-2018-15808", "lastModified": "2018-10-26T12:18:33.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-23T20:29:00.433", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://versprite.com/advisories/posim-evo-for-windows-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}