CVE-2021-27437

9.1CRITICAL

Key Information

Vendor: Advantech
Status: Wise-paas/rmm
Vendor: CVE Published:; 7 May 2021

Summary

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).

Affected Version(s)

WISE-PaaS/RMM = versions prior to 9.0.1

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 7, 2021
Vulnerability Reserved.
Feb 19, 2021

Collectors

NVD DatabaseMitre Database