How severe is CVE-2016-9463?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2016-9463?

This is classified as CWE-303, which is a common weakness in software security.

CVE-2016-9463 - HIGH Severity | CVSS 8.1

Vulnerability Description

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.

Related Vulnerabilities

CVE-2024-8642

MEDIUM

CVSS:8.1(High)

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date)...

CWE-3032024

CVE-2021-21902

HIGH

CVSS:7.5(High)

An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authenticat...

CWE-3032021

CVE-2022-33736

HIGH

CVSS:7.5(High)

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validat...

CWE-3032022

CVE-2022-41985

HIGH

CVSS:7.5(High)

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and...

CWE-3032022

CVE-2023-25957

HIGH

CVSS:7.5(High)

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9...

CWE-3032023

CVE-2024-26248

HIGH

CVSS:7.5(High)

Windows Kerberos Elevation of Privilege Vulnerability

CWE-3032024