Vulnerabilities > Suse > Subscription Management Tool

DATE CVE VULNERABILITY TITLE RISK
2018-10-04 CVE-2018-12472 Improper Authentication vulnerability in Suse Subscription Management Tool
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server.
network
low complexity
suse CWE-287
critical
 9.1
9.1
2018-10-04 CVE-2018-12471 XXE vulnerability in Suse Subscription Management Tool
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements.
network
low complexity
suse CWE-611
8.1
8.1
2018-10-04 CVE-2018-12470 SQL Injection vulnerability in Suse Subscription Management Tool
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements.
network
low complexity
suse CWE-89
critical
 9.8
9.8