CVE-2018-9115

{"id": "CVE-2018-9115", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-04-04T19:29:00.453", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141099", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/146982", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/44375/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer."}, {"lang": "es", "value": "Systematic SitaWare 6.4 SP2 no valida suficientemente las entradas de otros or\u00edgenes, por ejemplo, la informaci\u00f3n que utiliza la interfaz NVG. Un atacante puede congelar Situational Layer, lo que significa que Situational Picture ya no se actualiza. Desafortunadamente, el usuario no puede darse cuenta hasta que intente trabajar en esa capa."}], "lastModified": "2018-05-22T13:10:48.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:systematicinc:sitaware:6.4:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E039FF4-AE3F-40AE-BE0D-4A1EAF280C4C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}