Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2018-14335
HistoryJul 24, 2018 - 1:29 p.m.

CVE-2018-14335

2018-07-2413:29:00
CWE-277
CWE-59
mitre
web.nvd.nist.gov
72
cve-2018-14335
h2
permissions
symlink attack
nvd

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

Affected configurations

Nvd
Node
h2databaseh2Match1.4.197
VendorProductVersionCPE
h2databaseh21.4.197cpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*

Related

exploitpack 1
ubuntucve 1
osv 1
prion 1
nvd 1
zdt 1
packetstorm 1
redhatcve 1
exploitdb 1
broadcom 1
veracode 1
cvelist 1
vulnrichment 1
ibm 1
redhat 1
exploitpack
exploitpack
H2 Database 1.4.197 - Information Disclosure
2018-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2018-14335
2018-07-24 00:00:00
osv
osv
CVE-2018-14335
2018-07-24 13:29:00
prion
prion
Design/Logic Flaw
2018-07-24 13:29:00
nvd
nvd
CVE-2018-14335
2018-07-24 13:29:00
zdt
zdt
H2 Database 1.4.197 - Information Disclosure Exploit
2018-07-30 00:00:00
packetstorm
packetstorm
H2 Database 1.4.197 Information Disclosure
2018-07-30 00:00:00
redhatcve
redhatcve
CVE-2018-14335
2018-08-01 14:49:45
exploitdb
exploitdb
H2 Database 1.4.197 - Information Disclosure
2018-07-30 00:00:00
broadcom
broadcom
BSA-2022-1837
2022-05-03 00:00:00
veracode
veracode
Information Disclosure
2018-07-25 05:26:31
cvelist
cvelist
CVE-2018-14335
2018-07-24 13:00:00
vulnrichment
vulnrichment
CVE-2018-14335
2018-07-24 13:00:00
ibm
ibm
Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335)
2021-05-14 21:25:45
redhat
redhat
(RHSA-2020:0727) Important: Red Hat Data Grid 7.3.3 security update
2020-03-05 12:46:52

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON
Related for CVE-2018-14335
exploitpack1ubuntucve1osv1prion1nvd1zdt1packetstorm1redhatcve1exploitdb1broadcom1veracode1cvelist1vulnrichment1ibm1redhat1