CVE-2018-14335

Exploit

EPSS 8.6%
Published 24.07.2018 13:29:00
Last modified 21.11.2024 03:48:50
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

Affected products Warnungen 0 Metrics 4 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

H2database ≫ H2 Version1.4.197

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.6%	0.921

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E

https://access.redhat.com/errata/RHSA-2020:0727

https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20

Third Party Advisory

Exploit

https://security.netapp.com/advisory/ntap-20240726-0003/

https://www.exploit-db.com/exploits/45105/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-14335

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14335

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14335

EUVD