2.4.469.31.1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

opensuse

CWE-377

NVD

Published: 2021-02-11

Updated: 2021-02-23

Summary

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Openldap2 2.4.26-0.74.13 Opensuse Openldap2 2.4.41-18.71.2 Opensuse Openldap2 2.4.46-9.31.1	3
OS	Suse Suse Linux Enterprise Server 15	2
OS	Opensuse Opensuse Leap 15.1 Opensuse Leap 15.2	2

Common Weakness Enumeration (CWE)

CWE-377 - Insecure Temporary File

References

https://bugzilla.suse.com/show_bug.cgi?id=1175568