CVE-2018-18865

Опубликовано: 20 нояб. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 4.3

EPSS Средний

Описание

The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.

Ссылки

http://packetstormsecurity.com/files/150136/Royal-TS-X-Information-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/25
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2018/Nov/4
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/45783/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/150136/Royal-TS-X-Information-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/25
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2018/Nov/4
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/45783/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:royalapplications:royal_ts:*:*:*:*:*:*:*:*

Версия до 4.3.60728 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:royalapplications:royal_tsx:*:*:*:*:*:*:*:*

Версия до 3.3.1 (включая)

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.23919

Средний

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-r4j9-r648-vj86