CVE-2018-10211
MEDIUMVaultize Enterprise File Sharing <17.05.31 - Info Disclosure
Title source: llmDescription
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
References (2)
Core 2
Core References
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2018-10211
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10211/
Scores
CVSS v3
5.3
EPSS
0.0021
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-639
Status
published
Products (1)
vaultize/enterprise_file_sharing
17.05.31
Published
Apr 25, 2018
Tracked Since
Feb 18, 2026