CVE-2018-0218

LOW Year: 2018
CVSS v3 Score
3.3
Low
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616.

Related Vulnerabilities

CVE-2013-4209

LOW
CVSS:3.3(Low)

Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.

CWE-2002013

CVE-2013-7458

LOW
CVSS:3.3(Low)

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

CWE-2002013

CVE-2014-2884

LOW
CVSS:3.3(Low)

The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OP...

CWE-2002014

CVE-2014-4407

LOW
CVSS:3.3(Low)

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafte...

CWE-2002014

CVE-2014-9680

LOW
CVSS:3.3(Low)

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by...

CWE-2002014

CVE-2015-0238

LOW
CVSS:3.3(Low)

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

CWE-2002015