9.8
CVE-2018-6180
- EPSS 4.01%
- Veröffentlicht 08.02.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 04:10:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Themashabrand ≫ Online Voting Platform Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.01% | 0.892 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://packetstormsecurity.com/files/146254/Online-Voting-System-Authentication-Bypass.html
https://www.exploit-db.com/exploits/43967/