Vulnerability Details : CVE-2018-1000634
The Open Microscopy Environment OMERO.server versions 5.4.0 to 5.4.6 contain an Improper Access Control vulnerability in User management that can result in an administrative user with privilege restrictions logging in as a more powerful administrator. This attack appears to be exploitable by using the user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.
Products affected by CVE-2018-1000634
- cpe:2.3:a:openmicroscopy:omero:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000634
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~36% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2018-1000634
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2018-1000634
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2018-1000634
- https://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html
  Release of OMERO 5.4.7 including SECURITY FIX | Open Microscopy Environment (OME) (Patch; Vendor Advisory)
- https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-password/
  2018-SV3 Modify User Password | Open Microscopy Environment (OME) (Vendor Advisory)