CVE-2018-20402

HIGH

Safe Software FME Server <2018.1 - Info Disclosure

Title source: llm

Description

Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the default privilege roles that were also created for each of the accounts.

References (1)

[Vendor Advisory] http://docs.safe.com/fme/html/FME_Server_Documentation/Content/AdminGuide/Default_User_Accounts_and_Passwords.htm

Scores

CVSS v3 8.8

EPSS 0.0049

EPSS Percentile 65.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (1)

safe/fme_server < 2018.1

Published Dec 23, 2018

Tracked Since Feb 18, 2026