PT-2021-9089 · Scytl · Scytl Svote

Anthony Schneiter +1 · Published 2021-02-27 · Updated 2021-03-05 · CVE-2019-25021

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Scytl sVote version 2.1

Description

Because of the way the database manager is implemented, an attacker can access the OrientDB by providing "admin" as the admin password. A different password cannot be set because of the implementation in code.

Recommendations

For Scytl sVote version 2.1, consider changing the default admin password to a unique and strong password as soon as possible. However, because the code implementation does not allow a different password to be set, restrict access to the OrientDB as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2019-25021

Affected Products

Scytl Svote