7.5
CVE-2017-6910
- EPSS 0.21%
- Published 12.04.2018 15:29:00
- Last modified 21.11.2024 03:30:46
- Source cve@mitre.org
The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.
Data provided by the National Vulnerability Database (NVD)
Kaazing ≫ Kaazing Gateway Version < 4.5.3
Kaazing ≫ Kaazing Gateway Version 4.5.3
Kaazing ≫ Kaazing Gateway Version 4.5.3 Update hotfix1
Kaazing ≫ Kaazing Gateway Update hotfix1 SwEdition jms Version >= 4.4.0 < 4.4.2
Kaazing ≫ Kaazing Gateway SwEdition jms Version >= 4.5.0 < 4.5.3
Kaazing ≫ Kaazing Gateway Version 4.0.5 SwEdition jms
Kaazing ≫ Kaazing Gateway Version 4.0.6 SwEdition jms
Kaazing ≫ Kaazing Gateway Version 4.0.6 Update hotfix2 SwEdition jms
Kaazing ≫ Kaazing Gateway Version 4.0.7 SwEdition jms
Kaazing ≫ Kaazing Gateway Version 4.4.2 Update hotfix1 SwEdition jms
Kaazing ≫ Kaazing Gateway Version 4.5.3 Update hotfix1 SwEdition jms
Tenefit ≫ Kaazing Websocket Gateway SwEdition community Version < 5.6.0
Tenefit ≫ Kaazing Websocket Gateway SwEdition enterprise Version < 5.6.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.434 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.