CVE-2018-18941

Name of the Vulnerable Software and Affected Versions Vignette Content Management version 6

Description The issue allows for remote access to administrator privileges by discovering the admin password in the "vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin" HTML source code, and then creating a privileged user account. It is noted that this product is discontinued.

Recommendations For Vignette Content Management version 6, as a temporary workaround, consider restricting access to the "vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin" HTML page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.