CVE Vulnerabilities

CVE-2016-10836

Improper Authentication

Published: Aug 01, 2019 | Modified: Aug 13, 2019
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Cpanel Cpanel 11.50.0.4 (including) 11.50.5.2 (excluding)
Cpanel Cpanel 11.51.9999.98 (including) 11.52.4.1 (excluding)
Cpanel Cpanel 11.54.0.0 (including) 11.54.0.20 (excluding)
Cpanel Cpanel 55.9999.61 (including) 55.9999.141 (excluding)

Potential Mitigations

References