#VU45063 Credentials management in WebDefend - CVE-2011-0756

 


Published: May 5, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45063
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-0756
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: WebDefend
Software vendor: Trustwave

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.


Remediation

Install the update from the vendor's website.

External links