Vulnerabilities > Suse > Subscription Management Tool > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-04 CVE-2018-12470 SQL Injection vulnerability in Suse Subscription Management Tool
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements.
network
low complexity
suse CWE-89
critical
 9.8
9.8
2018-10-04 CVE-2018-12472 Improper Authentication vulnerability in Suse Subscription Management Tool
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server.
network
low complexity
suse CWE-287
critical
 9.1
9.1