How severe is CVE-2018-12445?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2018-12445?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2018-12445

LOW Year: 2018

CVSS v3 Score

3.1

Low

CVSS v2 Score

3.3

Low

Weakness Type

CWE-287

View all →

Vulnerability Description

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred

CVE-2018-8862

LOW

CVSS:3.1(Low)

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions ma...

CWE-2872018

CVE-2024-49755

LOW

CVSS:3.1(Low)

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access ...

CWE-2872024

CVE-2024-50341

LOW

CVSS:3.1(Low)

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined...

CWE-2872024

CVE-2019-20533

LOW

CVSS:3.3(Low)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is S...

CWE-2872019

CVE-2020-9077

LOW

CVSS:3.3(Low)

HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specifie...

CWE-2872020

CVE-2020-9250

LOW

CVSS:3.3(Low)

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient veri...

CWE-2872020

CVE-2018-12445

Vulnerability Description

Related Vulnerabilities

CVE-2018-8862

CVE-2024-49755

CVE-2024-50341

CVE-2019-20533

CVE-2020-9077

CVE-2020-9250