Search for vulnerabilities
Vulnerability details: VCID-rsns-atx8-vfg8
Vulnerability ID VCID-rsns-atx8-vfg8
Aliases CVE-2018-14628
Summary An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-862 Missing Authorization
System Score Found at
cvssv3 4.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14628.json
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.00419 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
epss 0.0087 https://api.first.org/data/v1/epss?cve=CVE-2018-14628
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-14628
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14628.json
https://api.first.org/data/v1/epss?cve=CVE-2018-14628
https://bugzilla.samba.org/show_bug.cgi?id=13595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14628
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
https://security.netapp.com/advisory/ntap-20230223-0008/
http://www.openwall.com/lists/oss-security/2023/11/28/4
1034803 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034803
1625445 https://bugzilla.redhat.com/show_bug.cgi?id=1625445
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2018-14628 https://nvd.nist.gov/vuln/detail/CVE-2018-14628
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14628.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.61172
EPSS Score 0.00419
Published At Sept. 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:31.825834+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.22/main.json 37.0.0