CVE-2018-16494

EPSS 0.83%
Veröffentlicht 26.05.2021 19:15:08
Zuletzt bearbeitet 21.11.2024 03:52:51
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Versa-networks ≫ Versa Operating System Version < 16.1r2s11

Versa-networks ≫ Versa Operating System Version >= 20.2.0 < 20.2.2

Versa-networks ≫ Versa Operating System Version >= 21.1.0 < 21.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.83%	0.722

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-377 Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://hackerone.com/reports/1168191

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16494

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16494

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16494

EUVD