Skip to main content

Access CVE-2019-11898

CRITICAL
Use of Hard-coded Credentials (CWE-798)
2019-09-12 psirt@bosch.com
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 12, 2019 - 19:15 nvd
CRITICAL 9.9

DescriptionNVD

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.

AnalysisAI

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. Affected products include: Bosch Access.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

More in Access

View all
CVE-2013-3157 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2013-3155 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2013-3156 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2015-2503 CRITICAL
9.3 Nov 11

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, P

CVE-2019-18780 CRITICAL
9.8 Nov 05

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthentica

CVE-2017-6399 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6406 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6400 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2020-0760 HIGH
8.8 Apr 15

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Micro

CVE-2025-26642 HIGH
7.8 Apr 08

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVS

CVE-2024-49142 HIGH
7.8 Dec 12

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentic

CVE-2020-1582 HIGH
7.8 Aug 17

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle obj

Share

CVE-2019-11898 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy