CVE-2018-1206
HIGHDell EMC Data Protection Advisor - Use of Hard-coded Credentials
Title source: llmDescription
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory x_refsource_confirm
http://seclists.org/fulldisclosure/2018/Mar/22
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040484
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103376
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
emc/data_protection_advisor
6.3.0
emc/data_protection_advisor
6.4.0
Published
Mar 12, 2018
Tracked Since
Feb 18, 2026