cvelistv5 - cve-2018-8448

CVE-2018-8448 (GCVE-0-2018-8448)

Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54

Summary

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Severity ?

No CVSS data available.

CWE

Elevation of Privilege

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041836	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/105492	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft Exchange Server	Affected: 2013 Cumulative Update 21 Affected: 2016 Cumulative Update 10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
          },
          {
            "name": "1041836",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041836"
          },
          {
            "name": "105492",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105492"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Exchange Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Cumulative Update 21"
            },
            {
              "status": "affected",
              "version": "2016 Cumulative Update 10"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
        },
        {
          "name": "1041836",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041836"
        },
        {
          "name": "105492",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105492"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Exchange Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Cumulative Update 21"
                          },
                          {
                            "version_value": "2016 Cumulative Update 10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
            },
            {
              "name": "1041836",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041836"
            },
            {
              "name": "105492",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105492"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8448",
    "datePublished": "2018-10-10T13:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*\", \"matchCriteriaId\": \"B560F8FD-068E-4A16-A37F-A62DCE88FCF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*\", \"matchCriteriaId\": \"63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \\\"Microsoft Exchange Server Elevation of Privilege Vulnerability.\\\" This affects Microsoft Exchange Server.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de elevaci\\u00f3n de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) fracasa a la hora de gestionar correctamente peticiones web. Esto tambi\\u00e9n se conoce como \\\"Microsoft Exchange Server Elevation of Privilege Vulnerability\\\". Esto afecta a Microsoft Exchange Server.\"}]",
      "id": "CVE-2018-8448",
      "lastModified": "2024-11-21T04:13:51.007",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-10-10T13:29:02.463",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105492\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041836\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105492\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8448\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-10-10T13:29:02.463\",\"lastModified\":\"2024-11-21T04:13:51.007\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \\\"Microsoft Exchange Server Elevation of Privilege Vulnerability.\\\" This affects Microsoft Exchange Server.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) fracasa a la hora de gestionar correctamente peticiones web. Esto tambi\u00e9n se conoce como \\\"Microsoft Exchange Server Elevation of Privilege Vulnerability\\\". Esto afecta a Microsoft Exchange Server.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B560F8FD-068E-4A16-A37F-A62DCE88FCF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105492\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041836\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-GHXR-557P-73PC

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-10T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server.",
  "id": "GHSA-ghxr-557p-73pc",
  "modified": "2022-05-13T01:53:42Z",
  "published": "2022-05-13T01:53:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8448"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105492"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041836"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-8448

Vulnerability from fkie_nvd - Published: 2018-10-10 13:29 - Updated: 2024-11-21 04:13

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/105492	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1041836	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105492	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041836	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	exchange_server	2013
	microsoft	exchange_server	2016

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*",
              "matchCriteriaId": "B560F8FD-068E-4A16-A37F-A62DCE88FCF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
              "matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) fracasa a la hora de gestionar correctamente peticiones web. Esto tambi\u00e9n se conoce como \"Microsoft Exchange Server Elevation of Privilege Vulnerability\". Esto afecta a Microsoft Exchange Server."
    }
  ],
  "id": "CVE-2018-8448",
  "lastModified": "2024-11-21T04:13:51.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-10T13:29:02.463",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105492"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041836"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-00966

Vulnerability from cnvd - Published: 2019-01-09

Title

Microsoft Exchange Server远程权限提升漏洞

Description

Microsoft Exchange Server是美国微软（Microsoft）公司的一套电子邮件服务程序，它提供邮件存取、储存、转发，语音邮件，邮件过滤筛选等功能。 Microsoft Exchange Server 2016 Cumulative Update 10版本和Exchange Server 2013 Cumulative Update 21版本中存在权限提升漏洞，该漏洞源于Outlook Web Access(OWA)未能正确处理Web请求。远程攻击者可利用该漏洞实施脚本或内容注入攻击，并试图欺骗用户泄露敏感信息。

Severity

中

Patch Name

Microsoft Exchange Server远程权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8448

Reference

https://www.securityfocus.com/bid/105492 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8448

Impacted products

Name
['Microsoft Exchange Server 2016 Cumulative Update 10', 'Microsoft Exchange Server 2013 Cumulative Update 21']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105492"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8448"
    }
  },
  "description": "Microsoft Exchange Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u90ae\u4ef6\u5b58\u53d6\u3001\u50a8\u5b58\u3001\u8f6c\u53d1\uff0c\u8bed\u97f3\u90ae\u4ef6\uff0c\u90ae\u4ef6\u8fc7\u6ee4\u7b5b\u9009\u7b49\u529f\u80fd\u3002\n\nMicrosoft Exchange Server 2016 Cumulative Update 10\u7248\u672c\u548cExchange Server 2013 Cumulative Update 21\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOutlook Web Access(OWA)\u672a\u80fd\u6b63\u786e\u5904\u7406Web\u8bf7\u6c42\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u811a\u672c\u6216\u5185\u5bb9\u6ce8\u5165\u653b\u51fb\uff0c\u5e76\u8bd5\u56fe\u6b3a\u9a97\u7528\u6237\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Adrian Ivascu",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8448",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-00966",
  "openTime": "2019-01-09",
  "patchDescription": "Microsoft Exchange Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u90ae\u4ef6\u5b58\u53d6\u3001\u50a8\u5b58\u3001\u8f6c\u53d1\uff0c\u8bed\u97f3\u90ae\u4ef6\uff0c\u90ae\u4ef6\u8fc7\u6ee4\u7b5b\u9009\u7b49\u529f\u80fd\u3002\r\n\r\nMicrosoft Exchange Server 2016 Cumulative Update 10\u7248\u672c\u548cExchange Server 2013 Cumulative Update 21\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOutlook Web Access(OWA)\u672a\u80fd\u6b63\u786e\u5904\u7406Web\u8bf7\u6c42\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u811a\u672c\u6216\u5185\u5bb9\u6ce8\u5165\u653b\u51fb\uff0c\u5e76\u8bd5\u56fe\u6b3a\u9a97\u7528\u6237\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002\r\n\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Exchange Server\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Exchange Server 2016 Cumulative Update 10",
      "Microsoft Exchange Server 2013 Cumulative Update 21"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/105492\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8448",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-10",
  "title": "Microsoft Exchange Server\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CERTFR-2018-AVI-486

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	SQL Server Management Studio 17.9
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3
Microsoft	N/A	SQL Server Management Studio 18.0 (Preview 4)
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft	N/A	PowerShell Core 6.0
Microsoft	N/A	Microsoft Exchange Server 2013
Microsoft	N/A	Microsoft Exchange Server 2016
Microsoft	Azure	Hub Device Client SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 octobre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server Management Studio 17.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server Management Studio 18.0 (Preview 4)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Core 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Hub Device Client SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8503"
    },
    {
      "name": "CVE-2018-8448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8448"
    },
    {
      "name": "CVE-2018-8505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8505"
    },
    {
      "name": "CVE-2018-8510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8510"
    },
    {
      "name": "CVE-2018-8511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8511"
    },
    {
      "name": "CVE-2018-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8292"
    },
    {
      "name": "CVE-2018-8500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8500"
    },
    {
      "name": "CVE-2010-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3190"
    },
    {
      "name": "CVE-2018-8533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8533"
    },
    {
      "name": "CVE-2018-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8265"
    },
    {
      "name": "CVE-2018-8527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8527"
    },
    {
      "name": "CVE-2018-8513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8513"
    },
    {
      "name": "CVE-2018-8532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8532"
    },
    {
      "name": "CVE-2018-8473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8473"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-486",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 octobre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2018-AVI-486

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	SQL Server Management Studio 17.9
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3
Microsoft	N/A	SQL Server Management Studio 18.0 (Preview 4)
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft	N/A	PowerShell Core 6.0
Microsoft	N/A	Microsoft Exchange Server 2013
Microsoft	N/A	Microsoft Exchange Server 2016
Microsoft	Azure	Hub Device Client SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 octobre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server Management Studio 17.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server Management Studio 18.0 (Preview 4)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Core 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Hub Device Client SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8503"
    },
    {
      "name": "CVE-2018-8448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8448"
    },
    {
      "name": "CVE-2018-8505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8505"
    },
    {
      "name": "CVE-2018-8510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8510"
    },
    {
      "name": "CVE-2018-8511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8511"
    },
    {
      "name": "CVE-2018-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8292"
    },
    {
      "name": "CVE-2018-8500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8500"
    },
    {
      "name": "CVE-2010-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3190"
    },
    {
      "name": "CVE-2018-8533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8533"
    },
    {
      "name": "CVE-2018-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8265"
    },
    {
      "name": "CVE-2018-8527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8527"
    },
    {
      "name": "CVE-2018-8513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8513"
    },
    {
      "name": "CVE-2018-8532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8532"
    },
    {
      "name": "CVE-2018-8473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8473"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-486",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 octobre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GSD-2018-8448

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8448

Aliases

CVE-2018-8448

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8448",
    "description": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server.",
    "id": "GSD-2018-8448"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8448"
      ],
      "details": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server.",
      "id": "GSD-2018-8448",
      "modified": "2023-12-13T01:22:34.925371Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8448",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Exchange Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2013 Cumulative Update 21"
                        },
                        {
                          "version_value": "2016 Cumulative Update 10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
          },
          {
            "name": "1041836",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041836"
          },
          {
            "name": "105492",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105492"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8448"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448"
            },
            {
              "name": "1041836",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041836"
            },
            {
              "name": "105492",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105492"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-10-10T13:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8448 (GCVE-0-2018-8448)

GHSA-GHXR-557P-73PC

FKIE_CVE-2018-8448

CNVD-2019-00966

CERTFR-2018-AVI-486

Solution

CERTFR-2018-AVI-486

Solution

GSD-2018-8448

Tags

Sightings

Nomenclature