CVE-2018-5559 Vulnerability Details

  /     /     /  

CVE-2018-5559 Metadata Quick Info

CVE Published: 28/11/2018 | CVE Updated: 17/09/2024 | CVE Year: 2018
Source: rapid7 | Vendor: Rapid7 | Product: Komand
Status : PUBLISHED

---

CVE-2018-5559 Description

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-212
CWE Name: CWE-212
Source: Rapid7

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).