mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
74 lines
2.2 KiB
JSON
74 lines
2.2 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "ics-cert@hq.dhs.gov",
|
|
"DATE_PUBLIC" : "2018-08-28T00:00:00",
|
|
"ID" : "CVE-2018-14805",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "ABB eSOMS",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "Version 6.0.2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "ICS-CERT"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "IMPROPER AUTHENTICATION CWE-287"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04",
|
|
"refsource" : "MISC",
|
|
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04"
|
|
},
|
|
{
|
|
"name" : "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch"
|
|
},
|
|
{
|
|
"name" : "105169",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/105169"
|
|
}
|
|
]
|
|
}
|
|
}
|