CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18905

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.2%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 4.3

References

Products affected by CVE-2019-18905

Opensuse » Autoyast2 » Version: N/A

cpe:2.3:a:opensuse:autoyast2:-
Opensuse » Autoyast2 » Version: 4.0.70-3.20.1

cpe:2.3:a:opensuse:autoyast2:4.0.70-3.20.1
Opensuse » Autoyast2 » Version: 4.1.9-3.9.1

cpe:2.3:a:opensuse:autoyast2:4.1.9-3.9.1
Suse » Linux Enterprise Server » Version: 12

cpe:2.3:o:suse:linux_enterprise_server:12
Suse » Linux Enterprise Server » Version: 15

cpe:2.3:o:suse:linux_enterprise_server:15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18905

Products

Pricing

Contact Us