CVE-2019-18337

Name of the Vulnerable Software and Affected Versions Control Center Server (CCS) versions prior to V1.5.0

Description A remote attacker with network access to the CCS server could exploit an authentication bypass vulnerability in the XML-based communication protocol, as provided by default on ports 5444/tcp and 5440/tcp, to read the CCS users database, including the passwords of all users in obfuscated cleartext.

Recommendations For versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to ports 5444/tcp and 5440/tcp to minimize the risk of exploitation.