Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-9233

EPSS 0.06% · P17
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-9233

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sophos Endpoint Protection 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sophos Endpoint Protection是英国Sophos公司的一套同时提供防恶意软件和数据保护功能的安全防护解决方案。该方案包括恶意软件防护、客户端防火墙和数据泄露保护等功能。 Sophos Endpoint Protection 10.7版本中存在加密问题漏洞,该漏洞源于在%PROGRAMDATA%SophosSophos Anti-VirusConfigmachine.xml中程序使用了未加盐的SHA-1散列来存储密码。本地攻击者可借助彩虹表或其他方法利用该漏洞确定明文密码,更改设置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2018-9233

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-9233

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-04-05 · 21 CVEs total

CVE-2018-1000146CloudBees Jenkins Liquibase Runner Plugin 权限许可与访问控制漏洞
CVE-2018-9309ZZCMS SQL注入漏洞
CVE-2018-1000154Zammad 跨站脚本漏洞
CVE-2018-1000153CloudBees Jenkins vSphere Plugin 跨站请求伪造漏洞
CVE-2018-1000152CloudBees Jenkins vSphere Plugin 授权问题漏洞
CVE-2018-1000151CloudBees Jenkins vSphere Plugin 安全漏洞
CVE-2018-1000150CloudBees Jenkins Reverse Proxy Auth Plugin 信息泄露漏洞
CVE-2018-1000149CloudBees Jenkins Ansible Plugin 安全漏洞
CVE-2018-1000148CloudBees Jenkins Copy To Slave Plugin 信息泄露漏洞
CVE-2018-1000147Jenkins Perforce Plugin 安全漏洞
CVE-2018-9328PHP Scripts Mall Redbus Clone Script 跨站脚本漏洞
CVE-2018-1000145CloudBees Jenkins Perforce Plugin 信息泄露漏洞
CVE-2018-1000144CloudBees Jenkins Cucumber Living Documentation Plugin 跨站脚本漏洞
CVE-2018-1000143CloudBees Jenkins GitHub Pull Request Builder Plugin 信息泄露漏洞
CVE-2018-1000142CloudBees Jenkins GitHub Pull Request Builder Plugin 信息泄露漏洞
CVE-2018-9244GitLab Community和Enterprise Editions 跨站脚本漏洞
CVE-2018-9243GitLab Community和Enterprise Editions 跨站脚本漏洞
CVE-2018-7035Gleez CMS 跨站脚本漏洞
CVE-2018-4863Sophos Endpoint Protection 安全特征问题漏洞
CVE-2014-3413Juniper Junos Space MySQL服务器安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2018-9233

No comments yet

Leave a comment