Search for vulnerabilities
Vulnerability details: VCID-b4f8-17jc-aaap
Vulnerability ID VCID-b4f8-17jc-aaap
Aliases CVE-2018-8269
GHSA-mv2r-q4g5-j8q5
Summary Microsoft.Data.OData Library improperly handles web requests
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.02863 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.19538 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.40806 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.40806 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.40806 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.40806 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
epss 0.68996 https://api.first.org/data/v1/epss?cve=CVE-2018-8269
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-mv2r-q4g5-j8q5
cvssv3.1 7.5 https://github.com/aspnet/Announcements/issues/385
generic_textual HIGH https://github.com/aspnet/Announcements/issues/385
cvssv3.1 7.5 https://github.com/github/advisory-database/issues/302
generic_textual HIGH https://github.com/github/advisory-database/issues/302
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2018-8269
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8269
cvssv3.1 7.5 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269
generic_textual HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269
cvssv3.1 7.5 https://www.exploit-db.com/exploits/46101
generic_textual HIGH https://www.exploit-db.com/exploits/46101
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-8269
https://github.com/aspnet/Announcements/issues/385
https://github.com/dotnet/aspnetcore/issues/13860
https://github.com/github/advisory-database/issues/302
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269
https://www.exploit-db.com/exploits/46101
https://www.exploit-db.com/exploits/46101/
http://www.securityfocus.com/bid/105322
cpe:2.3:a:microsoft:microsoft.data.odata:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:microsoft.data.odata:-:*:*:*:*:*:*:*
CVE-2018-8269 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46101.rb
CVE-2018-8269 https://nvd.nist.gov/vuln/detail/CVE-2018-8269
GHSA-mv2r-q4g5-j8q5 https://github.com/advisories/GHSA-mv2r-q4g5-j8q5
Data source Exploit-DB
Date added Jan. 9, 2019
Description Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
Ransomware campaign use Unknown
Source publication date Jan. 9, 2019
Exploit type dos
Platform windows
Source update date Jan. 9, 2019
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/aspnet/Announcements/issues/385
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/github/advisory-database/issues/302
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8269
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8269
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.exploit-db.com/exploits/46101
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.91004
EPSS Score 0.02863
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.