CVE-2018-1708

CWE-200 — Information Exposure10 documents6 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 60.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Symphony IBM Platform Symphony IBM Specturm Symphony

Timeline

PublishedOct 11

Latest updateMay 13

Description

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/spectrum_symphony7.1.2, 7.2.0.2+1

▶NVDibm/platform_symphony7.1, 7.1.1+1

▶NVDibm/specturm_symphony7.1.2, 7.2.0.2+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-xpfw-c749-q728: IBM Spectrum Symphony 7↗2022-05-13

▶

CVEList

CVE-2018-1708: IBM Spectrum Symphony 7↗2018-10-11

▶

💥Exploits & PoCs

Exploit-DB

Keybase keybase-redirector - '$PATH' Local Privilege Escalation↗2018-10-22

▶

Exploit-DB

DynoRoot DHCP Client - Command Injection↗2018-05-18

▶

💬Community

Bugzilla

CVE-2018-12085 liblouis: Stack-based buffer overflow in compileTranslationTable.c↗2018-06-11

▶

Bugzilla

CVE-2018-11685 liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c↗2018-06-07

▶

Bugzilla

CVE-2018-11684 liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c↗2018-06-07

▶

Bugzilla

CVE-2018-11577 liblouis: Segmentation fault in logging.c:lou_logPrint()↗2018-06-05

▶