Description

The password for the administrative interface of the Lucee web application is not configured. An unauthenticated attacker can log into the administrative interface and compromise the system.

Remediation

Set the password for the administrative interfaces

References

Locking Down Lucee

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8628)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.11)

WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-4625)

Drupal Core 7.x Remote Code Execution (7.0 - 7.73)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Configuration