Lucene search

[email protected]CVE-2010-1325

HistorySep 03, 2010 - 8:00 p.m.

CVE-2010-1325

2010-09-0320:00:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2010-1325

csrf

vulnerability

apache2-slms

suse lifecycle management server

suse linux enterprise

sle 11

nvd

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named “Apache SLMS,” but that is incorrect.

Affected configurations

NVD

Node

novellsuse_lifecycle_management_serverMatch1.0

AND

novellsuse_linuxMatch11-enterprise

CPENameOperatorVersion
novell:suse_lifecycle_management_servernovell suse lifecycle management servereq1.0

CPE	Name	Operator	Version
novell:suse_lifecycle_management_server	novell suse lifecycle management server	eq	1.0

References

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

support.novell.com/security/cve/CVE-2010-1325.html

www.securityfocus.com/bid/42121

bugzilla.novell.com/show_bug.cgi?id=588284

exchange.xforce.ibmcloud.com/vulnerabilities/61006

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for CVE-2010-1325

prion1 nvd1 cvelist1