Lucene search

[email protected]NVD:CVE-2019-18906

HistoryJun 30, 2021 - 9:15 a.m.

CVE-2019-18906

2021-06-3009:15:07

CWE-287

[email protected]

web.nvd.nist.gov

improper authentication

suse linux enterprise server

sap

suse manager server 4.0

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.9%

JSON

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.

Affected configurations

Nvd

Node

suselinux_enterprise_serverMatch12sp5sap

AND

opensusecryptctlRange<2.4

Node

susemanager_serverMatch4.0

AND

opensusecryptctlRange<2.4

VendorProductVersionCPE
suselinux_enterprise_server12cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*
opensusecryptctl*cpe:2.3:a:opensuse:cryptctl:*:*:*:*:*:*:*:*
susemanager_server4.0cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
suse	linux_enterprise_server	12	cpe:2.3:o:suse:linux_enterprise_server:12:sp5::::sap::*
opensuse	cryptctl	*	cpe:2.3:a:opensuse:cryptctl::::::::
suse	manager_server	4.0	cpe:2.3:a:suse:manager_server:4.0:::::::*