VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-c4ud-sqr9-aaae

Essentials
Severities (127)
References (41)
Severity details (32)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-c4ud-sqr9-aaae
Aliases	CVE-2018-18074 GHSA-x84v-xcm2-53pg PYSEC-2018-28
Summary	The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-522	Insufficiently Protected Credentials
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	http://docs.python-requests.org/en/master/community/updates/#release-and-version-history
generic_textual	HIGH	http://docs.python-requests.org/en/master/community/updates/#release-and-version-history
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18074.html
rhas	Low	https://access.redhat.com/errata/RHSA-2019:2035
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0850
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0851
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:1605
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:1916
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:2068
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:2081
cvssv3	2.6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00219	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
epss	0.00551	https://api.first.org/data/v1/epss?cve=CVE-2018-18074
cvssv3.1	7.5	https://bugs.debian.org/910766
generic_textual	HIGH	https://bugs.debian.org/910766
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074
cvssv3	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-x84v-xcm2-53pg
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml
cvssv3.1	7.5	https://github.com/requests/requests
generic_textual	HIGH	https://github.com/requests/requests
cvssv3.1	7.5	https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
generic_textual	HIGH	https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
cvssv3.1	7.5	https://github.com/requests/requests/issues/4716
generic_textual	HIGH	https://github.com/requests/requests/issues/4716
cvssv3.1	7.5	https://github.com/requests/requests/pull/4718
generic_textual	HIGH	https://github.com/requests/requests/pull/4718
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2018-18074
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2018-18074
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2018-18074
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3790-1
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3790-2
cvssv3.1	7.5	https://usn.ubuntu.com/3790-1
generic_textual	HIGH	https://usn.ubuntu.com/3790-1
cvssv3.1	7.5	https://usn.ubuntu.com/3790-2
generic_textual	HIGH	https://usn.ubuntu.com/3790-2
cvssv3.1	7.5	https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpujul2022.html

Reference id	Reference type	URL
		http://cwe.mitre.org/data/definitions/255.html
		http://docs.python-requests.org/en/master/community/updates/#release-and-version-history
		http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html
		http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18074.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-18074
		https://bugs.debian.org/910766
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml
		https://github.com/requests/requests
		https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
		https://github.com/requests/requests/issues/4716
		https://github.com/requests/requests/pull/4718
		https://ubuntu.com/security/notices/USN-3790-1
		https://ubuntu.com/security/notices/USN-3790-2
		https://usn.ubuntu.com/3790-1
		https://usn.ubuntu.com/3790-1/
		https://usn.ubuntu.com/3790-2
		https://usn.ubuntu.com/3790-2/
		https://www.oracle.com/security-alerts/cpujul2022.html
910766		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910766
cpe:2.3:a:python:requests::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:requests::::::::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
CVE-2018-18074		https://nvd.nist.gov/vuln/detail/CVE-2018-18074
GHSA-x84v-xcm2-53pg		https://github.com/advisories/GHSA-x84v-xcm2-53pg
RHBA-2020:1540		https://bugzilla.redhat.com/show_bug.cgi?id=1643829
RHSA-2019:2035		https://access.redhat.com/errata/RHSA-2019:2035
RHSA-2020:0850		https://access.redhat.com/errata/RHSA-2020:0850
RHSA-2020:0851		https://access.redhat.com/errata/RHSA-2020:0851
RHSA-2020:1605		https://access.redhat.com/errata/RHSA-2020:1605
RHSA-2020:1916		https://access.redhat.com/errata/RHSA-2020:1916
RHSA-2020:2068		https://access.redhat.com/errata/RHSA-2020:2068
RHSA-2020:2081		https://access.redhat.com/errata/RHSA-2020:2081

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://docs.python-requests.org/en/master/community/updates/#release-and-version-history

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugs.debian.org/910766

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/requests/requests

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/requests/requests/issues/4716

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/requests/requests/pull/4718

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-18074

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-18074

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-18074

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://usn.ubuntu.com/3790-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://usn.ubuntu.com/3790-2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.32974
EPSS Score	0.00155
Published At	April 6, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.