PT-2018-3326 · Abb · Abb Esoms

Published: 2018-08-10 · Updated: 2023-05-16 · CVE-2018-14805

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ABB eSOMS version 6.0.2
Description: The issue is related to the incorrect operation of the authentication mechanism in ABB eSOMS. This can allow a remote attacker to gain unauthorized access to the system if LDAP is configured for anonymous authentication and specific key values are present in the eSOMS web.config file. Both conditions must be met for the issue to be exploited.
Recommendations: For ABB eSOMS version 6.0.2, consider disabling anonymous LDAP authentication and review the eSOMS web.config file to ensure that it does not contain the specific key values that can be exploited. Restrict access to the system until a proper fix can be applied.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2019-04818
CVE-2018-14805

Affected Products

Abb Esoms