Vulnerabilities > Novell > Suse Lifecycle Management Server > 1.3

DATE	CVE	VULNERABILITY TITLE	RISK
2013-12-23	CVE-2013-3709	Permissions, Privileges, and Access Controls vulnerability in multiple products WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. local low complexity novell suse CWE-264	7.2
2013-12-10	CVE-2013-7042	Permissions, Privileges, and Access Controls vulnerability in Novell Suse Lifecycle Management Server SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. local low complexity novell CWE-264	4.6
2013-12-10	CVE-2013-3710	Cryptographic Issues vulnerability in Novell Suse Lifecycle Management Server SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. network novell CWE-310	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.