[Samba] Severity of unpublished CVE-2017-2619 and CVE-2017-7494

Arjit Gupta arjitk.gupta at gmail.com
Fri Jun 2 04:08:36 UTC 2017


Hi Andrew,

In above mail you have replied CVSS scores:v3 score of CVE-2017-2619 as 2.8
but on the link
<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P
R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C> mentioned it is showing 8.2.

What is the correct vulnerability score of CVE.

Arjit Kumar


On Fri, May 26, 2017 at 1:54 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2017-05-26 at 13:47 +0530, Arjit Gupta wrote:
> >
> > Thanks for the analysis of second bug.
> > Please also share CVSSv3 score for first bug.
>
> My assessment is:
>
> https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P
> R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
>
> 2.8
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/
> services/samba
>
>


More information about the samba mailing list