8.8
CVE-2016-8520
- EPSS 0.46%
- Veröffentlicht 15.02.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 02:59:31
- Quelle security-alert@hpe.com
- CVE-Watchlists
- Unerledigt
LoginHPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eucalyptus ≫ Eucalyptus Version <= 4.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.632 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|