Search for vulnerabilities
Vulnerability details: VCID-qte4-vr2u-aaan
Vulnerability ID VCID-qte4-vr2u-aaan
Aliases CVE-2018-14628
Summary An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-862 Missing Authorization
System Score Found at
cvssv3 4.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14628.json
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00802 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.017 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-14628
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-14628
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14628.json
https://api.first.org/data/v1/epss?cve=CVE-2018-14628
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
https://bugzilla.samba.org/show_bug.cgi?id=13595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14628
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
https://security.netapp.com/advisory/ntap-20230223-0008/
http://www.openwall.com/lists/oss-security/2023/11/28/4
1034803 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034803
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2018-14628 https://nvd.nist.gov/vuln/detail/CVE-2018-14628
GLSA-202402-28 https://security.gentoo.org/glsa/202402-28
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14628.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.40382
EPSS Score 0.00092
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.