How severe is CVE-2018-17188?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2018-17188?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2018-17188 - HIGH Severity | CVSS 7.2

Vulnerability Description

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

Related Vulnerabilities

CVE-2012-6613

HIGH

CVSS:7.2(High)

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

NVD-CWE-Other2012

CVE-2014-6059

HIGH

CVSS:7.2(High)

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability

NVD-CWE-Other2014

CVE-2015-7472

HIGH

CVSS:7.2(High)

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP inject...

NVD-CWE-Other2015

CVE-2015-7917

HIGH

CVSS:7.2(High)

Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

NVD-CWE-Other2015

CVE-2016-1227

HIGH

CVSS:7.2(High)

NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earl...

NVD-CWE-Other2016

CVE-2016-3461

HIGH

CVSS:7.2(High)

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and avai...

NVD-CWE-Other2016