PT-2018-15355 · Safe · Fme Server
Published: 2018-12-23 · Updated: 2019-10-03
CVE-2018-20402
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Safe Software FME Server versions prior to 2018.1
Description
The software creates and enables three additional accounts with default passwords, which allows unauthorized access. Each account's password is the same as its username: guest, user, and author. These accounts are granted default privilege roles, which can be exploited by logging in with these credentials.
Recommendations
For Safe Software FME Server versions prior to 2018.1, change the default passwords of the guest, user, and author accounts to secure passwords to prevent unauthorized access. Consider disabling these accounts if they are not necessary for the system's operation.
Fix
Weakness Enumeration
Related identifiers
Affected products
Fme Server