Vulnerability in Novell Suse_lifecycle_management_server

CVE-2013-3710

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.014 (80.9th percentile) — read the EPSS interpretation.

Affected products

Novell Suse_lifecycle_management_server — versions 1.0, 1.1, 1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

SUSE-SU-2013:1813 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
100653 (x_refsource_OSVDB, vdb-entry)