CVE-2018-17245

CRITICAL Year: 2018
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-201
View all →

Vulnerability Description

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.

Related Vulnerabilities

CVE-2020-26085

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27127

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27132

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27133

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27134

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2025-48749

CRITICAL
CVSS:9.1(Critical)

Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.

CWE-2012025