Vulnerability in Navercorp Whale
CVE-2018-9859
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable appli…
EPSS: 0.009 (55.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Navercorp Whale
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2018-9859?
- CVE-2018-9859 is a high-severity vulnerability in Navercorp Whale. CVSS score: 8.1/10. Published 2018-06-16.
- How severe is CVE-2018-9859?
- High severity. CVSS v3 base score is 8.1 out of 10.