CVE-2018-10498

CVSS v3 Score: 5.5 (Medium)
CVSS v2 Score: 2.1 (Low)

Vulnerability Description

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email (fixed in version 5.0.02.16). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.

CVSS: 4.9 (Medium)

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

CWE-37 2024
CVSS: 6.5 (Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of ...

CWE-37 2023
CVSS: 6.5 (Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of ...

CWE-37 2023
CVSS: 8.8 (High)

A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected...

CWE-37 2022
CVSS: 7.5 (High)

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

CWE-37 2022
CVSS: 6.5 (Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of ...

CWE-37 2023