Skip to main content

Suse Lifecycle Management Server

3 CVEs product

Monthly

CVE-2013-3709 HIGH POC This Week

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Suse Lifecycle Management Server Studio Onsite Webyast
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-7042 MEDIUM This Month

SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse Lifecycle Management Server
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-3710 MEDIUM This Month

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Suse Lifecycle Management Server
NVD
CVSS 2.0
4.3
EPSS
1.4%
EPSS 0% CVSS 7.2
HIGH POC This Week

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Suse Lifecycle Management Server Studio Onsite +1
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse Lifecycle Management Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Suse Lifecycle Management Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy