CVE-2018-7268

MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:magnicomp:sysinfo:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Information

Published : 2018-05-21 08:29

Updated : 2018-10-09 13:01


NVD link : CVE-2018-7268

Mitre link : CVE-2018-7268


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

magnicomp

  • sysinfo

apple

  • mac_os_x

linux

  • linux_kernel