CVE-2019-18905

EPSS 0.11%
Veröffentlicht 03.04.2020 11:15:12
Zuletzt bearbeitet 21.11.2024 04:33:49
Quelle meissner@suse.de
Teams Watchlist Login
Unerledigt Login

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Autoyast2 Version <= 4.1.9-3.9.1

Suse ≫ Linux Enterprise Server Version12 Update-

Opensuse ≫ Autoyast2 Version <= 4.0.70-3.20.1

Suse ≫ Linux Enterprise Server Version15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
meissner@suse.de	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00050.html

https://bugzilla.suse.com/show_bug.cgi?id=1140711

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-18905

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18905

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18905

EUVD