CVE-2018-1219

MEDIUM Year: 2018
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks.

Related Vulnerabilities

CVE-2011-4820

MEDIUM
CVSS:4.3(Medium)

IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.

NVD-CWE-Other2011

CVE-2015-1971

MEDIUM
CVSS:4.3(Medium)

Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manag...

NVD-CWE-Other2015

CVE-2015-6479

MEDIUM
CVSS:4.3(Medium)

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover poten...

NVD-CWE-Other2015

CVE-2016-0162

MEDIUM
CVSS:4.3(Medium)

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."

NVD-CWE-Other2016

CVE-2016-11050

MEDIUM
CVSS:4.3(Medium)

An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016...

NVD-CWE-Other2016

CVE-2016-3422

MEDIUM
CVSS:4.3(Medium)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.

NVD-CWE-Other2016