How severe is CVE-2018-0449?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2018-0449?

This is classified as CWE-275, which is a common weakness in software security.

CVE-2018-0449

MEDIUM Year: 2018

CVSS v3 Score

5.1

Medium

CVSS v2 Score

3.3

Low

Weakness Type

CWE-275

View all →

Vulnerability Description

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten.

CVE-2014-1422

MEDIUM

CVSS:5.0(Medium)

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. Th...

CWE-2752014

CVE-2014-6047

MEDIUM

CVSS:5.3(Medium)

phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.

CWE-2752014

CVE-2016-8605

MEDIUM

CVSS:5.3(Medium)

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permis...

CWE-2752016

CVE-2017-7145

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data...

CWE-2752017

CVE-2023-37238

MEDIUM

CVSS:5.3(Medium)

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projecti...

CWE-2752023

CVE-2013-4040

MEDIUM

CVSS:5.5(Medium)

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows...

CWE-2752013

CVE-2018-0449

Vulnerability Description

Related Vulnerabilities

CVE-2014-1422

CVE-2014-6047

CVE-2016-8605

CVE-2017-7145

CVE-2023-37238

CVE-2013-4040