CVE-2021-31579 - OpenCVE

Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Akkadianlabs	Ova Appliance Provisioning Manager

Configuration 1 [-]

OR	cpe:2.3:a:akkadianlabs:ova_appliance::::::::
	cpe:2.3:a:akkadianlabs:provisioning_manager::::::::
	cpe:2.3:a:akkadianlabs:provisioning_manager::::::::

No data.

References

Link	Providers
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2021-07-22T18:27:17

Updated: 2024-08-03T23:03:33.409Z

Reserved: 2021-04-22T00:00:00

Link: CVE-2021-31579

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-22T19:15:08.817

Modified: 2021-08-09T18:04:09.337

Link: CVE-2021-31579

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Provisioning Manager Engine (PME)", "vendor": "Akkadian", "versions": [{"lessThanOrEqual": "4.50.18", "status": "affected", "version": "4.50.18", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Cale Black, Ryan Villarreal, and Jonathan Peterson of Rapid7"}], "descriptions": [{"lang": "en", "value": "Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-22T18:27:17", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/"}], "source": {"discovery": "EXTERNAL"}, "title": "Akkadian Provisioning Manager Engine (PME) Hard-Coded Credentials", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "ID": "CVE-2021-31579", "STATE": "PUBLIC", "TITLE": "Akkadian Provisioning Manager Engine (PME) Hard-Coded Credentials"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Provisioning Manager Engine (PME)", "version": {"version_data": [{"version_affected": "<=", "version_name": "4.50.18", "version_value": "4.50.18"}]}}]}, "vendor_name": "Akkadian"}]}}, "credit": [{"lang": "eng", "value": "Cale Black, Ryan Villarreal, and Jonathan Peterson of Rapid7"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-798 Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/", "refsource": "MISC", "url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:03:33.409Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2021-31579", "datePublished": "2021-07-22T18:27:17", "dateReserved": "2021-04-22T00:00:00", "dateUpdated": "2024-08-03T23:03:33.409Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:akkadianlabs:ova_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "4827961D-5C4A-4C9E-BD22-65CA440071A6", "versionEndExcluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:akkadianlabs:provisioning_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "339F2068-073C-416D-B5E5-F1A468FE8904", "versionEndExcluding": "3.3.0.314-4a349e0", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:akkadianlabs:provisioning_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D08EC19B-0A36-4D9A-9894-FB41F8414CB6", "versionEndExcluding": "5.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)."}, {"lang": "es", "value": "Akkadian Provisioning Manager Engine (PME) se env\u00eda con una credencial embebida, akkadianuser:haakkadianpassword. Este problema fue resuelto en Akkadian OVA appliance versiones 3.0 (y posteriores), Akkadian Provisioning Manager versiones 5.0.2 (y posteriores), and Akkadian Appliance Manager versiones 3.3.0.314-4a349e0 (y posteriores)"}], "id": "CVE-2021-31579", "lastModified": "2021-08-09T18:04:09.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2021-07-22T19:15:08.817", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "cve@rapid7.com", "type": "Secondary"}]}