CVE-2018-16497 Vulnerability Details

  /     /     /  

CVE-2018-16497 Metadata Quick Info

CVE Published: 26/05/2021 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: hackerone | Vendor: n/a | Product: Versa Analytics
Status : PUBLISHED

---

CVE-2018-16497 Description

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-269
CWE Name: Improper Privilege Management (CWE-269)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).