Vulnerabilities > Suse > Susestudio UI Server

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2017-14807 SQL Injection vulnerability in Suse Studio Onsite and Susestudio-Ui-Server
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data.
network
low complexity
suse CWE-89
8.1
2020-01-27 CVE-2017-14806 Improper Certificate Validation vulnerability in Suse Studio Onsite and Susestudio-Ui-Server
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections.
network
high complexity
suse CWE-295
5.9