2 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. Una vulnerabilidad de autenticación inadecuada en cryptctl de SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 permite a los atacantes con acceso a la contraseña cifrada utilizarla sin tener que descifrarla. Este problema afecta a: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versiones anteriores a la 2.4. • https://bugzilla.suse.com/show_bug.cgi?id=1186226 • CWE-287: Improper Authentication •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. En cryptctl, en versiones anteriores a la 2.0, un servidor malicioso podría enviar peticiones RPC que podrían sobrescribir archivos fuera de la base de datos de claves de cryptctl. • https://bugzilla.suse.com/show_bug.cgi?id=1041963 https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00022.html https://www.suse.com/de-de/security/cve/CVE-2017-9270 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •