CVE-2018-1237
Description
Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.32
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Mozilla Firefox (61.0) | Windows |
| Mozilla Firefox (x64) (61.0) | Windows |
| Mozilla Firefox ESR (60.1.0) | Windows |
| Mozilla Firefox ESR (x64) (60.1.0) | Windows |
| Mozilla Thunderbird (52.9.0) | Windows |
| Mozilla Firefox (61.0.1) | Windows |
| Mozilla Firefox (x64) (61.0.1) | Windows |
| Mozilla Thunderbird (52.9.1) | Windows |
| Mozilla Firefox (61.0.2) | Windows |
| Mozilla Firefox (x64) (61.0.2) | Windows |
| Mozilla Firefox (62.0) | Windows |
| Mozilla Firefox (x64) (62.0) | Windows |
| Mozilla Firefox ESR (60.2.0) | Windows |
| Mozilla Firefox ESR (x64) (60.2.0) | Windows |
| Mozilla Firefox (62.0.2) | Windows |
| Mozilla Firefox ESR (60.2.1) | Windows |
| Mozilla Firefox (x64) (62.0.2) | Windows |
| Mozilla Firefox ESR (x64) (60.2.1) | Windows |
| Mozilla Thunderbird (60.2.1) | Windows |
| Mozilla Firefox (62.0.3) | Windows |
| Mozilla Firefox ESR (60.2.2) | Windows |
| Mozilla Firefox (x64) (62.0.3) | Windows |
| Mozilla Firefox ESR (x64) (60.2.2) | Windows |
| Upgrade LibreOffice (x64) 6.0.0 to latest version | Windows |
| Upgrade libreoffice 6.0.0 to latest version | Windows |
| Mozilla Thunderbird (60.0) | Windows |
| Mozilla Thunderbird (60.3.0) | Windows |
| Mozilla Thunderbird (60.3.1) | Windows |
| Mozilla Thunderbird (60.3.2) | Windows |
| Mozilla Thunderbird (60.3.3) | Windows |
| Mozilla Thunderbird (60.4.0) | Windows |
| Mozilla Thunderbird (60.5.0) | Windows |
| Mozilla Thunderbird (60.5.1) | Windows |
| Improper Authentication Vulnerability (CVE-2018-1237) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-307718 | Mozilla Firefox (61.0) |
| PATCH-307725 | Mozilla Firefox (x64) (61.0) |
| PATCH-307747 | Mozilla Firefox ESR (60.1.0) |
| PATCH-307748 | Mozilla Firefox ESR (x64) (60.1.0) |
| PATCH-307749 | Mozilla Thunderbird (52.9.0) |
| PATCH-307753 | Mozilla Firefox (61.0.1) |
| PATCH-307758 | Mozilla Firefox (x64) (61.0.1) |
| PATCH-307789 | Mozilla Thunderbird (52.9.1) |
| PATCH-307919 | Mozilla Firefox (61.0.2) |
| PATCH-307924 | Mozilla Firefox (x64) (61.0.2) |
| PATCH-308023 | Mozilla Firefox (62.0) |
| PATCH-308025 | Mozilla Firefox (x64) (62.0) |
| PATCH-308027 | Mozilla Firefox ESR (60.2.0) |
| PATCH-308035 | Mozilla Firefox ESR (x64) (60.2.0) |
| PATCH-308122 | Mozilla Firefox (62.0.2) |
| PATCH-308123 | Mozilla Firefox ESR (60.2.1) |
| PATCH-308124 | Mozilla Firefox (x64) (62.0.2) |
| PATCH-308125 | Mozilla Firefox ESR (x64) (60.2.1) |
| PATCH-308155 | Mozilla Thunderbird (60.2.1) |
| PATCH-308180 | Mozilla Firefox (62.0.3) |
| PATCH-308181 | Mozilla Firefox ESR (60.2.2) |
| PATCH-308182 | Mozilla Firefox (x64) (62.0.3) |
| PATCH-308183 | Mozilla Firefox ESR (x64) (60.2.2) |
| PATCH-343131 | LibreOffice (x64) (24.8.3) |
| PATCH-307102 | Updates for LibreOffice (6.0.1) |
| PATCH-307900 | Mozilla Thunderbird (60.0) |
| PATCH-308341 | Mozilla Thunderbird (60.3.0) |
| PATCH-308412 | Mozilla Thunderbird (60.3.1) |
| PATCH-308522 | Mozilla Thunderbird (60.3.2) |
| PATCH-308580 | Mozilla Thunderbird (60.3.3) |
| PATCH-308671 | Mozilla Thunderbird (60.4.0) |
| PATCH-308875 | Mozilla Thunderbird (60.5.0) |
| PATCH-308999 | Mozilla Thunderbird (60.5.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234