CVE-2018-1000627

EPSS 0.42%
Veröffentlicht 28.12.2018 16:29:01
Zuletzt bearbeitet 21.11.2024 03:40:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Battelle ≫ V2i Hub Version2.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.591

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://exchange.xforce.ibmcloud.com/vulnerabilities/147304

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-1000627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000627

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-1000627