Vulnerability Details CVE-2019-18906
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-18906
-
cpe:2.3:a:opensuse:cryptctl:-
-
cpe:2.3:a:opensuse:cryptctl:1.2.6
-
cpe:2.3:a:opensuse:cryptctl:1.99
-
cpe:2.3:a:opensuse:cryptctl:2.0
-
cpe:2.3:a:opensuse:cryptctl:2.1
-
cpe:2.3:a:opensuse:cryptctl:2.2
-
cpe:2.3:a:opensuse:cryptctl:2.3
-
cpe:2.3:a:suse:manager_server:4.0
-
cpe:2.3:o:suse:linux_enterprise_server:12