How severe is CVE-2016-15014?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2016-15014?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2016-15014 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2010-4178

MEDIUM

CVSS:5.5(Medium)

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

CWE-5222010

CVE-2012-5527

MEDIUM

CVSS:5.5(Medium)

Claws Mail vCalendar plugin: credentials exposed on interface

CWE-5222012

CVE-2013-4423

MEDIUM

CVSS:5.5(Medium)

CloudForms stores user passwords in recoverable format

CWE-5222013

CVE-2014-0241

MEDIUM

CVSS:5.5(Medium)

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

CWE-5222014

CVE-2014-1423

MEDIUM

CVSS:5.5(Medium)

signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the sig...

CWE-5222014

CVE-2014-4659

MEDIUM

CVSS:5.5(Medium)

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "de...

CWE-5222014