exploitDog

CVE-2018-10174

Опубликовано: 20 апр. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.

Ссылки

http://packetstormsecurity.com/files/147260/Digital-Guardian-Management-Console-7.1.2.0015-Server-Side-Request-Forgery.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/147260/Digital-Guardian-Management-Console-7.1.2.0015-Server-Side-Request-Forgery.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:digitalguardian:management_console:7.1.2.0015:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00178

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-c35f-jw99-2p28

CVSS3: 6.5

github

больше 3 лет назад

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.

EPSS

Процентиль: 40%

0.00178

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918