How severe is CVE-2018-1195?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-1195?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2018-1195

HIGH Year: 2018

CVSS v3 Score

8.8

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-613

View all →

Vulnerability Description

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.

CVE-2017-15653

HIGH

CVSS:8.8(High)

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing adminis...

CWE-6132017

CVE-2017-6529

HIGH

CVSS:8.8(High)

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.

CWE-6132017

CVE-2019-10229

HIGH

CVSS:8.8(High)

An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDA...

CWE-6132019

CVE-2019-12421

HIGH

CVSS:8.8(High)

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server ...

CWE-6132019