How severe is CVE-2018-5516?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2018-5516?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2018-5516

MEDIUM Year: 2018

CVSS v3 Score

4.7

Medium

CVSS v2 Score

4.7

Medium

Weakness Type

CWE-732

View all →

Vulnerability Description

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

CVE-2017-0913

MEDIUM

CVSS:4.7(Medium)

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Succe...

CWE-7322017

CVE-2017-1000461

MEDIUM

CVSS:4.7(Medium)

Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being a...

CWE-7322017

CVE-2017-9079

MEDIUM

CVSS:4.7(Medium)

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is rea...

CWE-7322017

CVE-2020-15910

MEDIUM

CVSS:4.7(Medium)

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a p...

CWE-7322020

CVE-2022-38170

MEDIUM

CVSS:4.7(Medium)

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable fi...

CWE-7322022

CVE-2023-47801

MEDIUM

CVSS:4.7(Medium)

An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifica...

CWE-7322023

CVE-2018-5516

Vulnerability Description

Related Vulnerabilities

CVE-2017-0913

CVE-2017-1000461

CVE-2017-9079

CVE-2020-15910

CVE-2022-38170

CVE-2023-47801