Vulnerability in Navercorp Whale

CVE-2018-9859

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable appli…

EPSS: 0.009 (55.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

References

Frequently asked questions

What is CVE-2018-9859?
CVE-2018-9859 is a high-severity vulnerability in Navercorp Whale. CVSS score: 8.1/10. Published 2018-06-16.
How severe is CVE-2018-9859?
High severity. CVSS v3 base score is 8.1 out of 10.