Search
Find a vulnerability
Search criteria
6 vulnerabilities found for subscription_management_tool by suse
CVE-2018-12472 (GCVE-0-2018-12472)
Vulnerability from nvd – Published: 2018-10-04 14:00 – Updated: 2024-09-16 23:31
VLAI
Title
Authentication bypass in sibling check
Summary
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Severity
7.3 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1104076 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE Linux | SMT |
Affected:
unspecified , < 3.0.37
(custom)
|
Date Public
2018-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMT",
"vendor": "SUSE Linux",
"versions": [
{
"lessThan": "3.0.37",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jake Miller"
}
],
"datePublic": "2018-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:27.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1104076"
],
"discovery": "EXTERNAL"
},
"title": "Authentication bypass in sibling check",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12472",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass in sibling check"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMT",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1104076",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1104076"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12472",
"datePublished": "2018-10-04T14:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:31:29.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12471 (GCVE-0-2018-12471)
Vulnerability from nvd – Published: 2018-10-04 14:00 – Updated: 2024-09-17 01:50
VLAI
Title
External Entity processing in the RegistrationSharing module
Summary
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Severity
6.5 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1103809 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE Linux | SMT |
Affected:
unspecified , < 3.0.37
(custom)
|
Date Public
2018-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMT",
"vendor": "SUSE Linux",
"versions": [
{
"lessThan": "3.0.37",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jake Miller"
}
],
"datePublic": "2018-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A External Entity Reference (\u0027XXE\u0027) vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:45.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103809"
],
"discovery": "EXTERNAL"
},
"title": "External Entity processing in the RegistrationSharing module",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12471",
"STATE": "PUBLIC",
"TITLE": "External Entity processing in the RegistrationSharing module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMT",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A External Entity Reference (\u0027XXE\u0027) vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1103809",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103809"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12471",
"datePublished": "2018-10-04T14:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:50:45.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12470 (GCVE-0-2018-12470)
Vulnerability from nvd – Published: 2018-10-04 14:00 – Updated: 2024-09-16 18:28
VLAI
Title
SQL injection in RegistrationSharing module
Summary
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Severity
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1103810 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE Linux | SMT |
Affected:
unspecified , < 3.0.37
(custom)
|
Date Public
2018-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMT",
"vendor": "SUSE Linux",
"versions": [
{
"lessThan": "3.0.37",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jake Miller"
}
],
"datePublic": "2018-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103810"
],
"discovery": "EXTERNAL"
},
"title": "SQL injection in RegistrationSharing module",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12470",
"STATE": "PUBLIC",
"TITLE": "SQL injection in RegistrationSharing module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMT",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1103810",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103810"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12470",
"datePublished": "2018-10-04T14:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:28:50.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12471 (GCVE-0-2018-12471)
Vulnerability from cvelistv5 – Published: 2018-10-04 14:00 – Updated: 2024-09-17 01:50
VLAI
Title
External Entity processing in the RegistrationSharing module
Summary
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Severity
6.5 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1103809 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE Linux | SMT |
Affected:
unspecified , < 3.0.37
(custom)
|
Date Public
2018-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMT",
"vendor": "SUSE Linux",
"versions": [
{
"lessThan": "3.0.37",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jake Miller"
}
],
"datePublic": "2018-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A External Entity Reference (\u0027XXE\u0027) vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:45.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103809"
],
"discovery": "EXTERNAL"
},
"title": "External Entity processing in the RegistrationSharing module",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12471",
"STATE": "PUBLIC",
"TITLE": "External Entity processing in the RegistrationSharing module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMT",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A External Entity Reference (\u0027XXE\u0027) vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1103809",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103809"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12471",
"datePublished": "2018-10-04T14:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:50:45.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12470 (GCVE-0-2018-12470)
Vulnerability from cvelistv5 – Published: 2018-10-04 14:00 – Updated: 2024-09-16 18:28
VLAI
Title
SQL injection in RegistrationSharing module
Summary
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Severity
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1103810 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE Linux | SMT |
Affected:
unspecified , < 3.0.37
(custom)
|
Date Public
2018-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMT",
"vendor": "SUSE Linux",
"versions": [
{
"lessThan": "3.0.37",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jake Miller"
}
],
"datePublic": "2018-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103810"
],
"discovery": "EXTERNAL"
},
"title": "SQL injection in RegistrationSharing module",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12470",
"STATE": "PUBLIC",
"TITLE": "SQL injection in RegistrationSharing module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMT",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1103810",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103810"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12470",
"datePublished": "2018-10-04T14:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:28:50.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12472 (GCVE-0-2018-12472)
Vulnerability from cvelistv5 – Published: 2018-10-04 14:00 – Updated: 2024-09-16 23:31
VLAI
Title
Authentication bypass in sibling check
Summary
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Severity
7.3 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1104076 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE Linux | SMT |
Affected:
unspecified , < 3.0.37
(custom)
|
Date Public
2018-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMT",
"vendor": "SUSE Linux",
"versions": [
{
"lessThan": "3.0.37",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jake Miller"
}
],
"datePublic": "2018-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:27.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1104076"
],
"discovery": "EXTERNAL"
},
"title": "Authentication bypass in sibling check",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12472",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass in sibling check"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMT",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1104076",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1104076"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12472",
"datePublished": "2018-10-04T14:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:31:29.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}