CVE-2018-1000628

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/147305	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:battelle:v2i_hub:2.5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-12-28 16:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-1000628

Mitre link : CVE-2018-1000628

CVE.ORG link : CVE-2018-1000628

JSON object : View

Products Affected

battelle

v2i_hub

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-1000628", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-12-28T16:29:01.487", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147305", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding \"[]\" to the end of \"key\" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions."}, {"lang": "es", "value": "Battelle V2I Hub 2.5.1 podr\u00eda permitir que un atacante remoto omita las restricciones de seguridad, provocadas por la comprobaci\u00f3n directa de la API contra un valor proporcionado por el usuario en el array de la variable global GET de PHP, que emplea la funci\u00f3n strcmp() de PHP. Al a\u00f1adir \"[]\" al final de \"key\" en la URL al acceder a las funciones de la API, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar funciones de la API."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:battelle:v2i_hub:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9747CA47-A40D-4610-B026-2F2ECF490F3F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}