{"api_version":"1","generated_at":"2026-04-23T02:57:46+00:00","cve":"CVE-2018-6443","urls":{"html":"https://cve.report/CVE-2018-6443","api":"https://cve.report/api/cve/CVE-2018-6443.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6443","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6443"},"summary":{"title":"CVE-2018-6443","description":"A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.","state":"PUBLIC","assigner":"sirt@brocade.com","published_at":"2019-01-22 17:29:00","updated_at":"2019-05-23 18:29:00"},"problem_types":["CWE-255"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html","name":"http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html","refsource":"MISC","tags":[],"title":"Brocade Network Advisor 14.4.1 Unauthenticated Remote Code Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20190411-0005/","name":"https://security.netapp.com/advisory/ntap-20190411-0005/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"January 2019 Brocade Network Advisor Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743","name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Broadcom Inc. | Connecting Everything","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6443","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6443","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6443","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"brocade","cpe5":"network_advisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6443","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"brocade","cpe5":"network_advisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6443","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"brocade_network_advisor","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6443","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"brocade_network_advisor","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"sirt@brocade.com","ID":"CVE-2018-6443","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Brocade Network Advisor","version":{"version_data":[{"version_value":"All versions prior to version 14.3.1"}]}}]},"vendor_name":"Brocade Communications Systems, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Use of Hard-coded Credentials"}]}]},"references":{"reference_data":[{"name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743","refsource":"CONFIRM","url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20190411-0005/","url":"https://security.netapp.com/advisory/ntap-20190411-0005/"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html","url":"http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html"}]}},"nvd":{"publishedDate":"2019-01-22 17:29:00","lastModifiedDate":"2019-05-23 18:29:00","problem_types":["CWE-255"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*","versionEndExcluding":"14.3.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:brocade_network_advisor:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6443","Ordinal":"122530","Title":"CVE-2018-6443","CVE":"CVE-2018-6443","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6443","Ordinal":"1","NoteData":"A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6443","Ordinal":"2","NoteData":"2019-01-22","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6443","Ordinal":"3","NoteData":"2019-05-23","Type":"Other","Title":"Modified"}]}}}