How severe is CVE-2018-18466?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2018-18466?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2018-18466

HIGH Year: 2018

CVSS v3 Score

7.0

High

CVSS v2 Score

1.9

Low

Weakness Type

CWE-532

View all →

Vulnerability Description

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues.

CVE-2020-6295

HIGH

CVSS:7.0(High)

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log file...

CWE-5322020

CVE-2021-1442

HIGH

CVSS:7.0(High)

A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrat...

CWE-5322021

CVE-2022-20806

HIGH

CVSS:7.1(High)

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker...

CWE-5322022

CVE-2024-24272

HIGH

CVSS:7.1(High)

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed ...

CWE-5322024

CVE-2024-28186

HIGH

CVSS:7.1(High)

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization ...

CWE-5322024

CVE-2025-20231

HIGH

CVSS:7.1(High)

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not ...

CWE-5322025

CVE-2018-18466

Vulnerability Description

Related Vulnerabilities

CVE-2020-6295

CVE-2021-1442

CVE-2022-20806

CVE-2024-24272

CVE-2024-28186

CVE-2025-20231