Lucene search

[email protected]NVD:CVE-2018-14772

HistoryOct 16, 2018 - 10:29 p.m.

CVE-2018-14772

2018-10-1622:29:01

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

72.8%

JSON

Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.

Affected configurations

Nvd

Node

pydiopydioRange4.2.1–8.2.1

VendorProductVersionCPE
pydiopydio*cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pydio	pydio	*	cpe:2.3:a:pydio:pydio::::::::

References

coastalsec.io/cve-2018-14772-remote-code-execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

72.8%

JSON

Related for NVD:CVE-2018-14772

prion1 cvelist1 cve1 osv1