How severe is CVE-2017-16858?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2017-16858?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2017-16858 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.

Related Vulnerabilities

CVE-2013-2673

MEDIUM

CVSS:6.8(Medium)

Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.

CWE-8632013

CVE-2017-12115

MEDIUM

CVSS:6.8(Medium)

An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to...

CWE-8632017

CVE-2017-12116

MEDIUM

CVSS:6.8(Medium)

An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to ...

CWE-8632017

CVE-2018-7366

MEDIUM

CVSS:6.8(Medium)

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentic...

CWE-8632018

CVE-2018-7925

MEDIUM

CVSS:6.8(Medium)

The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP ...

CWE-8632018

CVE-2018-7929

MEDIUM

CVSS:6.8(Medium)

Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations.

CWE-8632018