Insecure MySQL Configuration Vulnerability
CVE-2018-15768

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Openmanage Network Manager
Vendor: CVE Published:; 30 November 2018

Summary

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.

Affected Version(s)

OpenManage Network Manager < 6.5.0

References

http://www.securityfocus.com/bid/105914

vdb-entryx_refsource_BID

https://www.dell.com/support/article/us/en/04/sln314610/d...

x_refsource_MISC

https://www.exploit-db.com/exploits/45852/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2018
Vulnerability Reserved
Aug 23, 2018