CVE-2021-27437

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
07/05/2021
Last modified:
19/05/2021

Description

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:advantech:wise-paas\/rmm:*:*:*:*:*:*:*:* 9.0.1 (excluding)


References to Advisories, Solutions, and Tools