CVE Daily

CVE-2019-18181

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows us...

High CVSS 7.8

Overview

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.

CWE: N/A Published: 2019-12-19T19:15:14.090
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.8 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags