CVE-2018-14335 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
h2database	h2	1.4.197

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

h2database

noble	not-affected
mantic	not-affected
lunar	ignored
kinetic	ignored
jammy	not-affected
impish	ignored
hirsute	ignored
groovy	ignored
focal	needed
eoan	ignored
disco	ignored
cosmic	ignored
bionic	needed
xenial	needed
trusty	dne

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References

https://access.redhat.com/errata/RHSA-2020:0727

https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20

https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E

https://security.netapp.com/advisory/ntap-20240726-0003/

https://www.exploit-db.com/exploits/45105/

https://access.redhat.com/errata/RHSA-2020:0727

https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20

https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E

https://security.netapp.com/advisory/ntap-20240726-0003/

https://www.exploit-db.com/exploits/45105/