nvd-json-data-feeds/CVE-2018/CVE-2018-147xx/CVE-2018-14772.json

{
  "id": "CVE-2018-14772",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-10-16T22:29:01.603",
  "lastModified": "2020-08-24T17:37:01.140",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection."
    },
    {
      "lang": "es",
      "value": "Pydio, desde la versi\u00f3n 4.2.1 hasta la 8.2.1, tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada por la que un atacante con acceso de administrador a la aplicaci\u00f3n web puede ejecutar c\u00f3digo arbitrario en el sistema subyacente mediante una inyecci\u00f3n de comandos."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.2.1",
              "versionEndIncluding": "8.2.1",
              "matchCriteriaId": "A8A2CB60-BBC5-4477-9EA3-29B23C13A396"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://coastalsec.io/cve-2018-14772-remote-code-execution",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Technical Description",
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2018-14772",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2018-10-16T22:29:01.603",`
			`"lastModified": "2020-08-24T17:37:01.140",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Pydio, desde la versi\u00f3n 4.2.1 hasta la 8.2.1, tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada por la que un atacante con acceso de administrador a la aplicaci\u00f3n web puede ejecutar c\u00f3digo arbitrario en el sistema subyacente mediante una inyecci\u00f3n de comandos."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.2,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 1.2,`
			`"impactScore": 5.9`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "SINGLE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "COMPLETE",`
			`"availabilityImpact": "COMPLETE",`
			`"baseScore": 9.0`
			`},`
			`"baseSeverity": "HIGH",`
			`"exploitabilityScore": 8.0,`
			`"impactScore": 10.0,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-78"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:pydio:pydio::::::::",`
			`"versionStartIncluding": "4.2.1",`
			`"versionEndIncluding": "8.2.1",`
			`"matchCriteriaId": "A8A2CB60-BBC5-4477-9EA3-29B23C13A396"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://coastalsec.io/cve-2018-14772-remote-code-execution",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Patch",`
			`"Technical Description",`
			`"Third Party Advisory"`
			`]`
			`}`
			`]`
			`}`