5.9

CVE-2018-18908

Exploit

EPSS 0.13%
Veröffentlicht 20.01.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 03:56:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sky ≫ Sky Go SwPlatformwindows Version >= 1.0.19-1 <= 1.0.23-1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.286

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://blog.sean-wright.com/sky/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-18908

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18908

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18908

EUVD