|
| TC: | 12063 | |
| Description: | SyBase SQL Anywhere Database server is a very popular database server which sees widespread use throughout the world. A vulnerability exists in the default installation of the SQL Anywhere database which creates a default user/password pairing ("dba"/"sql"). This default configuration can easily be discovered and accessed remotely by an attacker and, upon discovery possibly exploited to the total compromise of the target system. | |
| TC Impact: | Gather Info | |
| Service: | SyBase SQL Anywhere |
| Vulnerability Publication: | N.A. | |
| Advisory Copyright: | N.A. | |
| Summary: | A remote attacker can possibly cause a total compromise of your SQL Anywhere database server. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial | |
| CVSS 2.0 Base Score: | 7.5 |
| Vulnerability Impact: |
Gain Root |
|---|
| Host Impact: | A remote attacker might totally compromise your database server. | |
| Nature of Remediation: | Change the configuration. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Update Configuration ***** Change the default password. |
| References: | ||
| * MISC: Vendor site http://www.sybase.com |
| CVE Link: |
GENERIC-MAP-NOMATCH |
 |
|---|
| Glossary: |
Password SQL TCP |
|---|