How severe is CVE-2018-13374?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2018-13374?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2018-13374

MEDIUM Year: 2018

CVSS v3 Score

4.3

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-732

View all →

Vulnerability Description

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

CVE-2016-11065

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.

CWE-7322016

CVE-2016-11080

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

CWE-7322016

CVE-2017-18870

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.

CWE-7322017

CVE-2017-18872

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

CWE-7322017