How severe is CVE-2018-15448?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2018-15448?

This is classified as CWE-16, which is a common weakness in software security.

CVE-2018-15448 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames.

Related Vulnerabilities

CVE-2019-1868

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to...

CWE-162019

CVE-2020-3484

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected ...

CWE-162020

CVE-2021-31380

MEDIUM

CVSS:5.3(Medium)

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclos...

CWE-162021

CVE-2021-35233

MEDIUM

CVSS:5.3(Medium)

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that u...

CWE-162021

CVE-2019-19002

MEDIUM

CVSS:5.4(Medium)

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might inc...

CWE-162019

CVE-2018-11922

MEDIUM

CVSS:5.5(Medium)

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

CWE-162018