CVE-2021-27437
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
07/05/2021
Last modified:
19/05/2021
Description
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:advantech:wise-paas\/rmm:*:*:*:*:*:*:*:* | 9.0.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page