Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-z3fb-nqcp-g3fq
Vulnerability ID VCID-z3fb-nqcp-g3fq
Aliases CVE-2018-5407
Summary Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information.
Status Published
Exploitability 2.0
Weighted Severity 4.3
Risk 8.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2018-5407
cvssv3 4.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json
https://api.first.org/data/v1/epss?cve=CVE-2018-5407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1645695 https://bugzilla.redhat.com/show_bug.cgi?id=1645695
CVE-2018-5407 Exploit https://github.com/bbbrumley/portsmash/tree/e3e7447ba04e1a8a5637cabadf3403faf94f7a56
CVE-2018-5407 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/local/45785.md
GLSA-201903-10 https://security.gentoo.org/glsa/201903-10
RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0483
RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:2125
RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932
RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933
RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935
USN-3840-1 https://usn.ubuntu.com/3840-1/
Data source Exploit-DB
Date added Nov. 5, 2018
Description Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
Ransomware campaign use Unknown
Source publication date Nov. 2, 2018
Exploit type local
Platform hardware
Source update date Nov. 5, 2018
Source URL https://github.com/bbbrumley/portsmash/tree/e3e7447ba04e1a8a5637cabadf3403faf94f7a56
Vector: CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.70564
EPSS Score 0.00643
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:00:47.851035+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201903-10 38.0.0