CVE-2018-12472

CWE-287Improper Authentication3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.4%
top 40.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse Linux SMTSuse Subscription Management Tool
Timeline
PublishedOct 4
Latest updateMay 13

Description

A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

CVEListV5suse_linux/smtunspecified3.0.37

🔴Vulnerability Details

2
GHSA
GHSA-52vw-gr9g-vp37: A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server2022-05-13
CVEList
Authentication bypass in sibling check2018-10-04
CVE-2018-12472 (CRITICAL CVSS 9.1) | A improper authentication using the | cvebase.io