CVE-2018-8900

{"id": "CVE-2018-8900", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-05-02T21:29:01.103", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf", "source": "cve@mitre.org"}, {"url": "https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability."}, {"lang": "es", "value": "El servicio License Manager de los productos HASP SRM, Sentinel HASP y Sentinel LDK en versiones anteriores a Sentinel LDK RTE 7.80 permite que atacantes remotos inyecten scripts web maliciosos en la p\u00e1gina logs de Admin Control Center (ACC) para una vulnerabilidad de Cross-Site Scripting (XSS)."}], "lastModified": "2018-06-14T01:29:35.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EFDFAA6-4E42-4E3F-8834-F386F02CC934", "versionEndExcluding": "7.80"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}