{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T03:18:54.115","vulnerabilities":[{"cve":{"id":"CVE-2018-1163","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2018-02-08T18:29:01.400","lastModified":"2024-11-21T03:59:18.883","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752."},{"lang":"es","value":"Esta vulnerabilidad permite que los atacantes remotos omitan la autenticación en instalaciones vulnerables de Quest NetVault Backup 11.2.0.13. Este error en concreto existe en la gestión de peticiones RPC de JSON. Al establecer el parámetro checksession a un valor específico, es posible omitir la autenticación para funciones críticas. Un atacante podría aprovecharse de esta vulnerabilidad y otras para ejecutar código arbitrario en el contexto de SYSTEM. Anteriormente era ZDI-CAN-4752."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:11.2.0.13:*:*:*:*:*:*:*","matchCriteriaId":"E6C12817-69AE-4931-B9F2-E36693F7980C"}]}]}],"references":[{"url":"https://zerodayinitiative.com/advisories/ZDI-18-006","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://zerodayinitiative.com/advisories/ZDI-18-006","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}