CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 76.4%

baserCMS, provided by baserCMS Users Community, is an open source content management system. baserCMS contains the multiple vulnerabilities listed below.
Command injection (CWE-94) - CVE-2018-0569
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Base Score: 6.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:P/A:P | Base Score: 6.5 |
Cross-site scripting (CWE-79) - CVE-2018-0570
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
Restrict access permissions failure for a content whose period of being public has expired (CWE-264) - CVE-2018-0573
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:L/Au:N/C:N/I:P/A:N | Base Score: 5.0 |
Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
Solution for CVE-2018-0570, CVE-2018-0571, CVE-2018-0573, CVE-2018-0574, and CVE-2018-0575:
Update the software
Update to the latest version according to the information provided by the developer.
According to the developer, CVE-2018-0573 and CVE-2018-0575 do not exist if the product has been installed successfully. These two vulnerabilities exist only when the installation of the product failed because of issues such as access restrictions.
Solution for CVE-2018-0569:
Update the software and then configure user authentication properly
Update the software first, and then enable or disable user authentication as appropriate. When user authentication is enabled, a system administrator’s privilege is required to save a script in an article.
The developer states that after updating the software to the latest version, all authentications other than the system administrator’s authentication become disabled, and each authentication can then be enabled or disabled as appropriate.
All user authentications are enabled when the software is installed for the first time using the latest installer.
Solution for CVE-2018-0572:
Apply a Workaround
When restricting access using the contents management function, be sure to register all URLs of the pages that need to be accessed.
For more information, refer to the developer’s website.