CVE-2018-18561

HIGH Year: 2018
CVSS v3 Score
8.0
High
CVSS v2 Score
7.7
High
Weakness Type
CWE-732
View all →

Vulnerability Description

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system.

Related Vulnerabilities

CVE-2010-0737

HIGH
CVSS:8.0(High)

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration ...

CWE-7322010

CVE-2024-41720

HIGH
CVSS:8.0(High)

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the conf...

CWE-7322024

CVE-2025-24527

HIGH
CVSS:8.0(High)

An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector.

CWE-7322025

CVE-2017-1000134

HIGH
CVSS:8.1(High)

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group memb...

CWE-7322017

CVE-2017-18894

HIGH
CVSS:8.1(High)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.

CWE-7322017

CVE-2017-2590

HIGH
CVSS:8.1(High)

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorize...

CWE-7322017