CVE-2018-15767 – Improper Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2018-15767
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. La máquina virtual Dell OpenManage Network Manager en versiones anteriores a la 6.5.3 contiene una vulnerabilidad de autorización incorrecta provocada por un error de configuración en el archivo /etc/sudoers. • https://www.exploit-db.com/exploits/45852 http://www.securityfocus.com/bid/105912 https://www.dell.com/support/article/us/en/04/sln314610/dell-openmanage-network-manager-security-vulnerabilities • CWE-863: Incorrect Authorization •
CVE-2018-15768 – Insecure MySQL Configuration Vulnerability
https://notcve.org/view.php?id=CVE-2018-15768
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. Dell OpenManage Network Manager, en versiones anteriores a la 6.5.0, habilitaba el acceso de lectura/escritura al sistema de archivos para los usuarios de MySQL debido a una opción de configuración insegura por defecto para la base de datos embebida de MySQL. • https://www.exploit-db.com/exploits/45852 http://www.securityfocus.com/bid/105914 https://www.dell.com/support/article/us/en/04/sln314610/dell-openmanage-network-manager-security-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •