PT-2018-3344 · Red Hat+1 · Jboss Administration+1

Published: 2018-12-19 · Updated: 2019-05-23 · CVE-2018-6443
CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Brocade Network Advisor versions prior to 14.3.1
Description: A vulnerability in Brocade Network Advisor could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. This issue is related to inadequate storage of credentials. An attacker with access to Network Advisor client libraries and the ability to decrypt the JBoss credentials could gain access to the JBoss web console, potentially leading to unauthorized access to protected information through the JMX console.
Recommendations: For versions prior to 14.3.1, update to version 14.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the JBoss Administration interface and limiting the use of Network Advisor client libraries to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers

BDU:2020-00133
CVE-2018-6443

Affected Products

Brocade Network Advisor
Jboss Administration