Vulnerability in Novell Suse_lifecycle_management_server

CVE-2013-7042

SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.

EPSS: 0.001 (30.5th percentile) — read the EPSS interpretation.

Affected products

Novell Suse_lifecycle_management_server — versions 1.0, 1.1, 1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

SUSE-SU-2013:1813 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
slms-cve20137042-information-disclosure(89897) (vdb-entry, x_refsource_XF)
100652 (x_refsource_OSVDB, vdb-entry)