How severe is CVE-2018-4861?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2018-4861?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2018-4861 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Related Vulnerabilities

CVE-2016-10528

MEDIUM

CVSS:4.9(Medium)

restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it t...

CWE-222016

CVE-2016-4004

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parame...

CWE-222016

CVE-2016-4314

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to ...

CWE-222016

CVE-2016-5092

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn featur...

CWE-222016

CVE-2016-7135

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile act...

CWE-222016

CVE-2017-10841

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.

CWE-222017