CVE-2018-0686

{"id": "CVE-2018-0686", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-11-15T15:29:00.723", "references": [{"url": "http://jvn.jp/en/jp/JVN00344155/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.denbun.com/en/imap/support/security/181003.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.denbun.com/en/pop/support/security/181003.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors."}, {"lang": "es", "value": "Denbun, de NEOJAPAN Inc. (Denbun POP en versiones V3.3P R4.0 y anteriores, Denbun IMAP en versiones V3.3I R4.0 y anteriores) permite que los atacantes remotos autenticados suban y ejecuten cualquier archivo ejecutable mediante vectores sin especificar."}], "lastModified": "2018-12-17T15:14:37.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:neo:debun_imap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11D627EC-0433-4F89-818A-AC39E2E10237", "versionEndIncluding": "3.3i_r4.0"}, {"criteria": "cpe:2.3:a:neo:debun_pop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEC73120-D8A0-4B96-A781-2843D07DB374", "versionEndIncluding": "3.3p_r4.0"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}