How severe is CVE-2017-15091?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2017-15091?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2017-15091 - HIGH Severity | CVSS 7.1

Vulnerability Description

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.

Related Vulnerabilities

CVE-2016-6591

HIGH

CVSS:7.1(High)

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.

CWE-8632016

CVE-2018-10925

HIGH

CVSS:7.1(High)

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE"...

CWE-8632018

CVE-2021-1086

HIGH

CVSS:7.1(High)

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or i...

CWE-8632021

CVE-2021-20119

HIGH

CVSS:7.1(High)

The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.

CWE-8632021

CVE-2021-26964

HIGH

CVSS:7.1(High)

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interfac...

CWE-8632021

CVE-2021-3456

HIGH

CVSS:7.1(High)

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allo...

CWE-8632021