How severe is CVE-2018-15466?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2018-15466?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2018-15466 - LOW Severity | CVSS 3.7

Vulnerability Description

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.

Related Vulnerabilities

CVE-2013-2423

LOW

CVSS:3.7(Low)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors rela...

CWE-2842013

CVE-2016-0208

LOW

CVSS:3.7(Low)

IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.

CWE-2842016

CVE-2016-2960

LOW

CVSS:3.7(Low)

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 ...

CWE-2842016

CVE-2016-8330

LOW

CVSS:3.7(Low)

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenti...

CWE-2842016

CVE-2019-1866

LOW

CVSS:3.7(Low)

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper ...

CWE-2842019

CVE-2022-45430

LOW

CVSS:3.7(Low)

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vul...

CWE-2842022