Skip to main content

Subscription Management Tool

3 CVEs product

Monthly

CVE-2018-12472 CRITICAL Act Now

A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Subscription Management Tool
NVD
CVSS 3.0
9.1
EPSS
1.5%
CVE-2018-12471 HIGH This Week

A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Subscription Management Tool
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-12470 CRITICAL Act Now

A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Subscription Management Tool
NVD
CVSS 3.0
9.8
EPSS
2.0%
EPSS 2% CVSS 9.1
CRITICAL Act Now

A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Subscription Management Tool
NVD
EPSS 2% CVSS 8.1
HIGH This Week

A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Subscription Management Tool
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Subscription Management Tool
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy