VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-qta1-kh76-wqad

Essentials
Severities (24)
References (16)
Severity details (20)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qta1-kh76-wqad
Aliases	CVE-2018-15758 GHSA-h8w4-qv99-f7vj
Summary
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-269	Improper Privilege Management
CWE-285	Improper Authorization
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	8.1	https://access.redhat.com/errata/RHSA-2019:2413
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2019:2413
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15758.json
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2018-15758
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2018-15758
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2018-15758
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2018-15758
cvssv3.1	8.1	https://github.com/advisories/GHSA-h8w4-qv99-f7vj
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-h8w4-qv99-f7vj
generic_textual	HIGH	https://github.com/advisories/GHSA-h8w4-qv99-f7vj
cvssv3.1	8.1	https://github.com/spring-attic/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
generic_textual	HIGH	https://github.com/spring-attic/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
cvssv3.1	8.1	https://github.com/spring-attic/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
generic_textual	HIGH	https://github.com/spring-attic/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
cvssv3.1	8.1	https://github.com/spring-attic/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
generic_textual	HIGH	https://github.com/spring-attic/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
cvssv3.1	8.1	https://github.com/spring-attic/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
generic_textual	HIGH	https://github.com/spring-attic/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2018-15758
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2018-15758
cvssv3.1	8.1	https://pivotal.io/security/cve-2018-15758
generic_textual	HIGH	https://pivotal.io/security/cve-2018-15758
cvssv3.1	8.1	http://www.securityfocus.com/bid/105687
generic_textual	HIGH	http://www.securityfocus.com/bid/105687

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2019:2413
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15758.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-15758
		https://github.com/spring-attic/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
		https://github.com/spring-attic/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
		https://github.com/spring-attic/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
		https://github.com/spring-attic/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
		https://github.com/spring-projects/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0
		https://github.com/spring-projects/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97
		https://github.com/spring-projects/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef
		https://github.com/spring-projects/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf
		http://www.securityfocus.com/bid/105687
1643048		https://bugzilla.redhat.com/show_bug.cgi?id=1643048
CVE-2018-15758		https://nvd.nist.gov/vuln/detail/CVE-2018-15758
CVE-2018-15758		https://pivotal.io/security/cve-2018-15758
GHSA-h8w4-qv99-f7vj		https://github.com/advisories/GHSA-h8w4-qv99-f7vj

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2019:2413

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15758.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-h8w4-qv99-f7vj

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/spring-attic/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/spring-attic/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/spring-attic/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/spring-attic/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-15758

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://pivotal.io/security/cve-2018-15758

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/105687

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.55996
EPSS Score	0.00326
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:20:06.341239+00:00	ProjectKB MSRImporter	Import	https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv	38.6.0