How severe is CVE-2018-16857?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2018-16857?

This is classified as CWE-358, which is a common weakness in software security.

CVE-2018-16857

MEDIUM Year: 2018

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-358

View all →

Vulnerability Description

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

CVE-2016-8635

MEDIUM

CVSS:5.9(Medium)

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining th...

CWE-3582016

CVE-2021-42017

MEDIUM

CVSS:5.9(Medium)

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M...

CWE-3582021

CVE-2020-1761

MEDIUM

CVSS:6.1(Medium)

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS att...

CWE-3582020

CVE-2024-23592

MEDIUM

CVSS:6.3(Medium)

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hel...

CWE-3582024

CVE-2020-7251

MEDIUM

CVSS:5.5(Medium)

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthoris...

CWE-3582020

CVE-2017-2612

MEDIUM

CVSS:5.4(Medium)

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

CWE-3582017

CVE-2018-16857

Vulnerability Description

Related Vulnerabilities

CVE-2016-8635

CVE-2021-42017

CVE-2020-1761

CVE-2024-23592

CVE-2020-7251

CVE-2017-2612