Search
Find a vulnerability
Search criteria
2 vulnerabilities found for SUSE Studio Onsite 1.1 Appliance by SUSE
CVE-2011-0467 (GCVE-0-2011-0467)
Vulnerability from nvd – Published: 2018-06-07 21:00 – Updated: 2024-09-17 01:16
VLAI
EPSS
VEX
Title
SQL injection in SUSE studio via select parameter
Summary
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.
Severity
8.8 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=675039 | x_refsource_CONFIRM |
| https://www.suse.com/security/cve/CVE-2011-0467/ | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Studio Onsite |
Affected:
unspecified , < 1.0.3-0.18.1
(custom)
|
|
| SUSE | SUSE Studio Onsite 1.1 Appliance |
Affected:
unspecified , < 1.1.2-0.25.1
(custom)
|
Date Public
2011-02-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:09.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2011-0467/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Studio Onsite",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.0.3-0.18.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SUSE Studio Onsite 1.1 Appliance",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.1.2-0.25.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Weckbecker of SUSE"
}
],
"datePublic": "2011-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/security/cve/CVE-2011-0467/"
}
],
"source": {
"advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
"defect": [
"675039"
],
"discovery": "INTERNAL"
},
"title": "SQL injection in SUSE studio via select parameter",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2011-02-25T00:00:00.000Z",
"ID": "CVE-2011-0467",
"STATE": "PUBLIC",
"TITLE": "SQL injection in SUSE studio via select parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Studio Onsite",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.0.3-0.18.1"
}
]
}
},
{
"product_name": "SUSE Studio Onsite 1.1 Appliance",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.1.2-0.25.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Weckbecker of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=675039",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
},
{
"name": "https://www.suse.com/security/cve/CVE-2011-0467/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/security/cve/CVE-2011-0467/"
}
]
},
"source": {
"advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
"defect": [
"675039"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2011-0467",
"datePublished": "2018-06-07T21:00:00.000Z",
"dateReserved": "2011-01-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:48.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0467 (GCVE-0-2011-0467)
Vulnerability from cvelistv5 – Published: 2018-06-07 21:00 – Updated: 2024-09-17 01:16
VLAI
EPSS
VEX
Title
SQL injection in SUSE studio via select parameter
Summary
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.
Severity
8.8 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=675039 | x_refsource_CONFIRM |
| https://www.suse.com/security/cve/CVE-2011-0467/ | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Studio Onsite |
Affected:
unspecified , < 1.0.3-0.18.1
(custom)
|
|
| SUSE | SUSE Studio Onsite 1.1 Appliance |
Affected:
unspecified , < 1.1.2-0.25.1
(custom)
|
Date Public
2011-02-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:09.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2011-0467/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Studio Onsite",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.0.3-0.18.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SUSE Studio Onsite 1.1 Appliance",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.1.2-0.25.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Weckbecker of SUSE"
}
],
"datePublic": "2011-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/security/cve/CVE-2011-0467/"
}
],
"source": {
"advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
"defect": [
"675039"
],
"discovery": "INTERNAL"
},
"title": "SQL injection in SUSE studio via select parameter",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2011-02-25T00:00:00.000Z",
"ID": "CVE-2011-0467",
"STATE": "PUBLIC",
"TITLE": "SQL injection in SUSE studio via select parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Studio Onsite",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.0.3-0.18.1"
}
]
}
},
{
"product_name": "SUSE Studio Onsite 1.1 Appliance",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.1.2-0.25.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Weckbecker of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=675039",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
},
{
"name": "https://www.suse.com/security/cve/CVE-2011-0467/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/security/cve/CVE-2011-0467/"
}
]
},
"source": {
"advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
"defect": [
"675039"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2011-0467",
"datePublished": "2018-06-07T21:00:00.000Z",
"dateReserved": "2011-01-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:48.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}