How severe is CVE-2018-1000812?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-1000812?

This is classified as CWE-640, which is a common weakness in software security.

CVE-2018-1000812 - HIGH Severity | CVSS 8.1

Vulnerability Description

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.

Related Vulnerabilities

CVE-2014-6412

HIGH

CVSS:8.1(High)

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

CWE-6402014

CVE-2017-0921

HIGH

CVSS:8.1(High)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account tak...

CWE-6402017

CVE-2017-8613

HIGH

CVSS:8.1(High)

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Az...

CWE-6402017

CVE-2018-12579

HIGH

CVSS:8.1(High)

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1....

CWE-6402018

CVE-2019-12943

HIGH

CVSS:8.1(High)

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.

CWE-6402019

CVE-2021-28128

HIGH

CVSS:8.1(High)

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an a...

CWE-6402021