CVE-2013-3710

CWE-3103 documents3 sources

Severity

4.3MEDIUM

EPSS

1.4%

top 19.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Suse Lifecycle Management Server

Timeline

PublishedDec 10

Latest updateMay 17

Description

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDnovell/suse_lifecycle_management_server1.3+3

🔴Vulnerability Details

GHSA

GHSA-jx5f-wq22-f2jh: SUSE Lifecycle Management Server (SLMS) before 1↗2022-05-17

▶

CVEList

CVE-2013-3710: SUSE Lifecycle Management Server (SLMS) before 1↗2013-12-10

▶