Lucene search

MitreCVE-2018-18762

HistoryMar 21, 2019 - 4:00 p.m.

CVE-2018-18762

2019-03-2116:00:29

CWE-200

mitre

web.nvd.nist.gov

cve

2018

18762

saltos

database

download

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.014

Percentile

86.4%

JSON

SaltOS 3.1 r8126 contains a database download vulnerability.

Affected configurations

Nvd

Node

saltossaltosMatch3.1

VendorProductVersionCPE
saltossaltos3.1cpe:2.3:a:saltos:saltos:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
saltos	saltos	3.1	cpe:2.3:a:saltos:saltos:3.1:::::::*

References

packetstormsecurity.com/files/150005/SaltOS-Erp-Crm-3.1-r8126-Database-Download.html

www.exploit-db.com/exploits/45734/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.014

Percentile

86.4%

JSON

Related for CVE-2018-18762