7.5
CVE-2018-18325
- EPSS 74.05%
- Published 03.07.2019 17:15:10
- Last modified 07.11.2025 19:19:55
- Source cve@mitre.org
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
Data provided by the National Vulnerability Database (NVD)
Dnnsoftware ≫ Dotnetnuke Version >= 9.2 <= 9.2.2
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
Description: DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.
Required actions: Apply updates per vendor instructions.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.05% | 0.994 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
https://github.com/dnnsoftware/Dnn.Platform/releases
https://www.dnnsoftware.com/community/security/security-center
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325