CVE-2018-7718

An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including but not limited to email address, username, and password, of other user accounts. The simplest attack approach is for the attacker to intercept their own password-change request and modify the username before the request reaches the server. Also, changing a victim's email address can have a similar account-takeover consequence.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.dropbox.com/s/6tlee2uj3t3su8n/Telexy-QPath-CVE-2018-7718.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:telexy:qpath:5.4.462:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-11-08 21:29

Updated : 2019-10-03 00:03

NVD link : CVE-2018-7718

Mitre link : CVE-2018-7718

CVE.ORG link : CVE-2018-7718

JSON object : View

Products Affected

telexy

qpath

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-7718", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-11-08T21:29:00.200", "references": [{"url": "https://www.dropbox.com/s/6tlee2uj3t3su8n/Telexy-QPath-CVE-2018-7718.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including but not limited to email address, username, and password, of other user accounts. The simplest attack approach is for the attacker to intercept their own password-change request and modify the username before the request reaches the server. Also, changing a victim's email address can have a similar account-takeover consequence."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Telexy QPath 5.4.462. Un usuario autentificado con bajos privilegios que proporcione una petici\u00f3n serializada especialmente dise\u00f1ada a AdanitDataService.svc puede modificar la informaci\u00f3n del usuario, incluyendo pero no limit\u00e1ndose a la direcci\u00f3n de correo electr\u00f3nico, el nombre de usuario y la contrase\u00f1a de otras cuentas de usuario. El m\u00e9todo de ataque m\u00e1s sencillo es que el atacante intercepte su propia solicitud de cambio de contrase\u00f1a y modifique el nombre de usuario antes de que la solicitud llegue al servidor. Adem\u00e1s, cambiar la direcci\u00f3n de correo electr\u00f3nico de una v\u00edctima puede tener una consecuencia similar: la apropiaci\u00f3n de la cuenta."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:telexy:qpath:5.4.462:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F83FB2A-A834-4F78-B8CD-1A789519B863"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}