CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-1000812

HIGH
8.1
CVSS Severity Score
EPSS Score0.0920%
EPSS Percentile38.34th
Published2018年12月20日
Last Modified2024年11月21日

Vulnerability Description

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.

Affected Platforms (CPE)

📦
Artica

Integria Ims

<= 5.0

References & Advisories

🔗 https://cp270.wordpress.com/2018/05/14/war-story-password-resets/
🔗 https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047
🔗 https://github.com/fleetcaptain/integria-takeover
🔗 https://cp270.wordpress.com/2018/05/14/war-story-password-resets/
🔗 https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047
🔗 https://github.com/fleetcaptain/integria-takeover

関連する脆弱性情報

CVE-2019-150919.8

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

CVE-2021-38329.8

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated atta...

CVE-2021-38339.8

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 h...

CVE-2018-198296.5

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when ...