9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.1%
A vulnerability in the Calendar component of cloud storage creation and utilization software
Nextcloud Server is related to improper access control. Exploitation of the vulnerability could
allow an attacker acting remotely to gain access to sensitive information
Vulnerability in the 2FA component of the cloud storage creation and utilization software Nextcloud Server is related to improper access controls.
Nextcloud Server data storage software component is associated with improper authentication. Exploitation of the vulnerability could allow
a remote attacker to bypass authentication after successfully providing credentials to a
user
A vulnerability in the cloud-based software for creating and utilizing Nextcloud data storage
Server is related to an incorrect session expiration date. Exploitation of the vulnerability could allow an attacker ,
acting remotely, to bypass the authentication process.
Vulnerability in Nextcloud Server cloud storage creation and utilization software is related to accessing the active Nextcloud
Server is related to gaining access to another user’s active session by sending calls to the API directly, bypassing the confirmation process.
directly to the API, bypassing password validation. Exploitation of the vulnerability could allow an attacker ,
acting remotely, to bypass the authentication process
Vulnerability in the files_versions() function of cloud-based software for creating and utilizing
Nextcloud Server data storage software is related to restoring older versions of a document if the files_versions application is enabled.
files_versions application is enabled. Exploitation of the vulnerability could allow an attacker acting
remotely to gain access to sensitive information
A vulnerability in the cloud-based software for creating and utilizing Nextcloud data storage
Server is related to the lack of authentication attempt restrictions. Exploitation of the vulnerability could allow
an attacker acting remotely to bypass the authentication process
Vulnerability in the Delete component of cloud software for creating and using Nextcloud Server data storage is related to the sending of authentication attempts.
Nextcloud Server data storage software is associated with sending requests to delete old versions of files that could be
be retrieved with read-only permissions. Exploitation of the vulnerability could allow an attacker,
acting remotely, to affect the integrity of the system
A vulnerability in the Share component of the cloud software for creating and utilizing the Nextcloud Server storage
Nextcloud Server data storage is associated with sending requests to delete old versions of files that could be
be retrieved with read-only permissions. Exploitation of the vulnerability could allow an attacker,
acting remotely, to affect the integrity of the system
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.1%