High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-27	CVE-2017-14807	SQL Injection vulnerability in Suse Studio Onsite and Susestudio-Ui-Server An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. network low complexity suse CWE-89	8.1
2018-06-07	CVE-2011-0467	SQL Injection vulnerability in Suse Studio Onsite and Studio Onsite Appliance A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. network low complexity suse CWE-89	8.8