exploitDog

CVE-2018-1000627

Опубликовано: 28 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/147304
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/147304
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:battelle:v2i_hub:2.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00421

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-h89g-92w5-6r7q

CVSS3: 9.8

github

больше 3 лет назад

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.

EPSS

Процентиль: 62%

0.00421

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522