CVE-2018-14335

Medium

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files…

mitre·CWE-59·Published 2018-07-24

CVSS

6.5

EPSS

0.13

KEV

Exploits

cve.orgen

205 chars

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

NVDen

205 chars

NVDes

245 chars

Se ha descubierto un problema en H2 1.4.197. La manipulación incorrecta de permisos en la función backup permite que los atacantes lean archivos sensibles (fuera de sus permisos) mediante un vínculo simbólico a un archivo falso de base de datos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.0	Primary	NVD	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N