CVE-2018-14836

EPSS 0.2%
Veröffentlicht 02.08.2018 00:29:00
Zuletzt bearbeitet 21.11.2024 03:49:53
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Subrion ≫ Subrion Cms Version4.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.414

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/intelliants/subrion/issues/762

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-14836

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14836

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14836

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-14836