7.5
CVE-2018-1320
- EPSS 0.11%
- Veröffentlicht 07.01.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:37
- Quelle security@apache.org
- Teams Watchlist Login
- Unerledigt Login
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
F5 ≫ Traffix Signaling Delivery Controller Version >= 5.0.0 <= 5.1.0
Oracle ≫ Global Lifecycle Management Opatch Version < 11.2.0.3.23
Oracle ≫ Global Lifecycle Management Opatch Version >= 12.2.0.1.0 < 12.2.0.1.19
Oracle ≫ Global Lifecycle Management Opatch Version >= 13.9.4.0.0 < 13.9.4.2.1
Oracle ≫ Nosql Database Version < 19.3.12
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.266 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.