CVE-2019-19340

HIGH Year: 2019
CVSS v3 Score
8.2
High
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-1188
View all →

Vulnerability Description

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Related Vulnerabilities

CVE-2018-15685

HIGH
CVSS:8.1(High)

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerab...

CWE-11882018

CVE-2019-4169

HIGH
CVSS:8.1(High)

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.

CWE-11882019

CVE-2019-4621

HIGH
CVSS:8.1(High)

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use thi...

CWE-11882019

CVE-2020-10552

HIGH
CVSS:8.1(High)

An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read a...

CWE-11882020

CVE-2021-34203

HIGH
CVSS:8.1(High)

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this functi...

CWE-11882021

CVE-2021-35535

HIGH
CVSS:8.1(High)

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the...

CWE-11882021