CVE-2018-16497

EPSS 0.04%
Veröffentlicht 26.05.2021 19:15:08
Zuletzt bearbeitet 21.11.2024 03:52:52
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Versa-networks ≫ Versa Analytics Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.086

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://hackerone.com/reports/1168194

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16497

EUVD