Описание
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00113
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
EPSS
Процентиль: 30%
0.00113
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-94