Known Vulnerabilities for Suse Lifecycle Management Server by Novell

Listed below are 5 of the newest known vulnerabilities associated with "Suse Lifecycle Management Server" by "Novell".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2013-7042	SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local ...	4.6 - MEDIUM	2013-12-10	2017-08-29
CVE-2013-3710	SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows...	4.3 - MEDIUM	2013-12-10	2013-12-12
CVE-2013-3709	WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by rea...	7.2 - HIGH	2013-12-23	2014-01-14
CVE-2011-0993	SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sens...	2.1 - LOW	2014-04-16	2017-08-17
CVE-2010-1325	Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on...	4.3 - MEDIUM	2010-09-03	2017-08-17

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Novell	Suse Lifecycle Management Server	1.3.7	All	All	All
Application	Novell	Suse Lifecycle Management Server	1.3	All	All	All
Application	Novell	Suse Lifecycle Management Server	1.2	All	All	All
Application	Novell	Suse Lifecycle Management Server	1.1	All	All	All
Application	Novell	Suse Lifecycle Management Server	1.0	All	All	All