CVE-2018-12579

Published Aug 20, 2018

Last updated 6 years ago

CVSS high 8.1

Overview

Description: An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-640

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E892A194-4CD5-4106-A12B-64BC9830ED24",
            "versionEndIncluding": "4.10.7"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B413167-2113-41B0-9F50-828DC22BC2DB",
            "versionEndIncluding": "4.10.7"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A5F828C-5E0B-4138-9246-A2F0AD9A5939",
            "versionEndIncluding": "5.3.7"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "583838B8-2BEB-4EE6-9CCD-57C2D86E8C6F"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta1:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AA6AD10-1FB9-4558-80E8-5E7CD63A0EE0"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta1:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A2E8BDF-2715-4273-AF07-AC435836B26B"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E147722A-2137-49B4-806B-4F3EEE96B168"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta2:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C2C235E-94C9-48E0-BE2C-A52A1C03DA0B"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta2:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5036786-1995-4DA8-B419-DE133E84AE1E"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "024516A5-1CD2-42BA-BF3E-3F7107BCA0ED"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta3:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F848F7E-ED36-440C-945F-52ADF033AE81"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:beta3:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "766628BF-3692-49CC-919C-E1B846534127"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B70B24C9-3B67-4577-B91E-DEA55FDBA401"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A019B397-0B3D-4BC2-BD89-D704718D9ED0"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "913BA158-23AE-4129-9533-0091496460B9"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4339F463-2EF8-4072-8E06-51A865AE78C7"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D361898B-F113-4D5E-8ABD-ACCE5DF36FEC"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91E65058-886F-4E13-97B8-711804F95F5B"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.2:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8BB9F2F-2CA6-447B-BE85-96D2244EE65E"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.2:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "051470BA-A68A-45C5-8FBC-90B46901ADB6"
          },
          {
            "criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.2:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A46C391-69E7-41CF-BD7E-FE0704FB5AC4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References