How severe is CVE-2018-3825?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2018-3825?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2018-3825

MEDIUM Year: 2018

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-321

View all →

Vulnerability Description

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

CVE-2020-28391

MEDIUM

CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5....

CWE-3212020

CVE-2020-28395

MEDIUM

CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do no...

CWE-3212020

CVE-2023-39982

MEDIUM

CVSS:5.9(Medium)

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulne...

CWE-3212023

CVE-2024-1258

MEDIUM

CVSS:5.9(Medium)

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the compo...

CWE-3212024

CVE-2024-38314

MEDIUM

CVSS:5.9(Medium)

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

CWE-3212024

CVE-2024-47256

MEDIUM

CVSS:6.0(Medium)

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data wit...

CWE-3212024

CVE-2018-3825

Vulnerability Description

Related Vulnerabilities

CVE-2020-28391

CVE-2020-28395

CVE-2023-39982

CVE-2024-1258

CVE-2024-38314

CVE-2024-47256