CVE-2019-18284

Name of the Vulnerable Software and Affected Versions SPPA-T3000 Application Server versions prior to Service Pack R8.2 SP2

Description The issue is related to the availability of the AdminService without authentication on the Application Server, allowing an attacker to access server administration services and obtain password hashes of server application users. An attacker can exploit this to change user passwords, but they need access to the Application Highway. There are no known public exploitations of this issue at the time of reporting.

Recommendations For versions prior to Service Pack R8.2 SP2, update to Service Pack R8.2 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AdminService interface until a patch is available.