How severe is CVE-2018-18565?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2018-18565?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2018-18565

MEDIUM Year: 2018

CVSS v3 Score

6.8

Medium

CVSS v2 Score

4.1

Medium

Weakness Type

CWE-434

View all →

Vulnerability Description

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package.

CVE-2016-10258

MEDIUM

CVSS:6.8(Medium)

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the ma...

CWE-4342016

CVE-2022-22392

MEDIUM

CVSS:6.8(Medium)

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.

CWE-4342022

CVE-2023-28700

MEDIUM

CVSS:6.8(Medium)

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to...

CWE-4342023

CVE-2023-30968

MEDIUM

CVSS:6.8(Medium)

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting ...

CWE-4342023

CVE-2023-32562

MEDIUM

CVSS:6.8(Medium)

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.

CWE-4342023

CVE-2023-32564

MEDIUM

CVSS:6.8(Medium)

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.

CWE-4342023

CVE-2018-18565

Vulnerability Description

Related Vulnerabilities

CVE-2016-10258

CVE-2022-22392

CVE-2023-28700

CVE-2023-30968

CVE-2023-32562

CVE-2023-32564