Known Vulnerabilities for Suse Lifecycle Management Server by Novell

Listed below are 5 of the newest known vulnerabilities associated with "Suse Lifecycle Management Server" by "Novell".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2013-7042 json	SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local ...	4.6 - MEDIUM	2013-12-10	2017-08-29
CVE-2013-3710 json	SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows...	4.3 - MEDIUM	2013-12-10	2013-12-12
CVE-2013-3709 json	WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by rea...	7.2 - HIGH	2013-12-23	2014-01-14
CVE-2011-0993 json	SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sens...	2.1 - LOW	2014-04-16	2017-08-17
CVE-2010-1325 json	Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on...	4.3 - MEDIUM	2010-09-03	2017-08-17

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version
Application	Novell	Suse Lifecycle Management Server	1.3.7
Application	Novell	Suse Lifecycle Management Server	1.3
Application	Novell	Suse Lifecycle Management Server	1.2
Application	Novell	Suse Lifecycle Management Server	1.1
Application	Novell	Suse Lifecycle Management Server	1.0