9.1
CVE-2018-1000141
- EPSS 0.29%
- Published 23.03.2018 21:29:00
- Last modified 05.12.2025 20:14:54
- Source cve@mitre.org
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.
Data provided by the National Vulnerability Database (NVD)
Scilico ≫ I, Librarian Version <= 4.9
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.521 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.