How severe is CVE-2018-11461?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2018-11461?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2018-11461

MEDIUM Year: 2018

CVSS v3 Score

6.6

Medium

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-264

View all →

Vulnerability Description

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVE-2015-1769

MEDIUM

CVSS:6.6(Medium)

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishan...

CWE-2642015

CVE-2015-6643

MEDIUM

CVSS:6.6(Medium)

Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka i...

CWE-2642015

CVE-2016-3372

MEDIUM

CVSS:6.6(Medium)

The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or caus...

CWE-2642016

CVE-2016-8561

MEDIUM

CVSS:6.6(Medium)

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the e...

CWE-2642016

CVE-2014-0229

MEDIUM

CVSS:6.5(Medium)

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownData...

CWE-2642014

CVE-2014-1889

MEDIUM

CVSS:6.5(Medium)

The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.

CWE-2642014

CVE-2018-11461

Vulnerability Description

Related Vulnerabilities

CVE-2015-1769

CVE-2015-6643

CVE-2016-3372

CVE-2016-8561

CVE-2014-0229

CVE-2014-1889