PT-2018-15355 · Safe · Fme Server

Published: 2018-12-23 · Updated: 2019-10-03 · CVE-2018-20402

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Safe Software FME Server versions prior to 2018.1

Description

The product creates and enables three additional accounts with default passwords, which allows unauthorized access. The accounts are guest, user, and author, and each account's password is the same as its username. These accounts are granted default privilege roles, which anyone who logs in with these credentials obtains.

Recommendations

For Safe Software FME Server versions prior to 2018.1, change the default passwords of the guest, user, and author accounts to secure passwords to prevent unauthorized access. Consider disabling these accounts if they are not necessary for the system's operation.

Related Identifiers

CVE-2018-20402

Affected Products

Fme Server