How severe is CVE-2018-18014?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-18014?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2018-18014

HIGH Year: 2018

CVSS v3 Score

7.8

High

CVSS v2 Score

7.2

High

Weakness Type

CWE-287

View all →

Vulnerability Description

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.

CVE-2011-4338

HIGH

CVSS:7.8(High)

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact th...

CWE-2872011

CVE-2013-5582

HIGH

CVSS:7.8(High)

Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extr...

CWE-2872013

CVE-2014-1867

HIGH

CVSS:7.8(High)

suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution

CWE-2872014

CVE-2014-8347

HIGH

CVSS:7.8(High)

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevate...

CWE-2872014