Sign-up

ID

VAR-201808-0926


CVE

CVE-2018-3650


TITLE

INTEL Distribution for Python Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008750

DESCRIPTION

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. INTEL Distribution for Python Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Distribution for Python is a Python-based integrated software package from Intel Corporation of the United States. It is mainly used to accelerate computing-intensive applications and optimize performance using Intel's native performance library. Bleach module is one of the text cleaning modules. The vulnerability stems from the program's insufficient implementation of input validation. Attackers can exploit this vulnerability to bypass URL filtering

Trust: 1.71

sources: NVD: CVE-2018-3650 // JVNDB: JVNDB-2018-008750 // VULHUB: VHN-133681

AFFECTED PRODUCTS

vendor:intelmodel:distribution for pythonscope:eqversion:2018

Trust: 2.2

vendor:intelmodel:distribution for pythonscope:ltversion:2018

Trust: 1.0

vendor:intelmodel:distribution for pythonscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-008750 // CNNVD: CNNVD-201808-033 // NVD: CVE-2018-3650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3650
value: HIGH

Trust: 1.0

NVD: CVE-2018-3650
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-033
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133681
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3650
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133681
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3650
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133681 // JVNDB: JVNDB-2018-008750 // CNNVD: CNNVD-201808-033 // NVD: CVE-2018-3650

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-133681 // JVNDB: JVNDB-2018-008750 // NVD: CVE-2018-3650

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-033

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201808-033

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008750

PATCH
title:INTEL-SA-00129url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00129.html
Trust: 0.8
title:Intel Distribution for Python Bleach Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82779
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008750 // 
            
            
            
            CNNVD: CNNVD-201808-033

EXTERNAL IDS
db:NVDid:CVE-2018-3650
Trust: 2.5
db:JVNDBid:JVNDB-2018-008750
Trust: 0.8
db:CNNVDid:CNNVD-201808-033
Trust: 0.7
db:VULHUBid:VHN-133681
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133681 // 
            
            
            
            JVNDB: JVNDB-2018-008750 // 
            
            
            
            CNNVD: CNNVD-201808-033 // 
            
            
            
            NVD: CVE-2018-3650

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00129.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3650
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3650
Trust: 0.8
sources:
            
            
            VULHUB: VHN-133681 // 
            
            
            
            JVNDB: JVNDB-2018-008750 // 
            
            
            
            CNNVD: CNNVD-201808-033 // 
            
            
            
            NVD: CVE-2018-3650

SOURCES
db:VULHUBid:VHN-133681
db:JVNDBid:JVNDB-2018-008750
db:CNNVDid:CNNVD-201808-033
db:NVDid:CVE-2018-3650

LAST UPDATE DATE
2024-11-23T22:00:19.423000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133681date:2018-11-19T00:00:00
db:JVNDBid:JVNDB-2018-008750date:2018-10-26T00:00:00
db:CNNVDid:CNNVD-201808-033date:2018-08-02T00:00:00
db:NVDid:CVE-2018-3650date:2024-11-21T04:05:50.430

SOURCES RELEASE DATE
db:VULHUBid:VHN-133681date:2018-08-01T00:00:00
db:JVNDBid:JVNDB-2018-008750date:2018-10-26T00:00:00
db:CNNVDid:CNNVD-201808-033date:2018-08-02T00:00:00
db:NVDid:CVE-2018-3650date:2018-08-01T15:29:00.377