admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-00xx/CVE-2018-0097.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

130 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-0097",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-01-18T06:29:00.877",
"lastModified": "2019-10-09T23:31:13.503",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz web de Cisco Prime Infrastructure podr\u00eda permitir que un usuario remoto no autenticado redirija un usuario a una p\u00e1gina web maliciosa. Esto tambi\u00e9n se conoce como redirecci\u00f3n abierta. Esta vulnerabilidad se debe a la validaci\u00f3n incorrecta de entradas de los par\u00e1metros en la petici\u00f3n HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP que pudiera provocar que la aplicaci\u00f3n web redirija la petici\u00f3n a una URL maliciosa determinada. La vulnerabilidad se conoce como ataque de redirecci\u00f3n abierta y se utiliza en ataques de phishing para hacer que los usuarios visiten p\u00e1ginas maliciosas sin que ellos lo sepan. Cisco Bug IDs: CSCve37646."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA0E48F5-D4CB-49E3-8F28-6B6F27856D2E"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/102724",
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1040243",
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink