What is CVE-2019-18905?

CVE-2019-18905 is a medium-severity vulnerability in Suse Linux Enterprise Server 12, classified under Insufficient Verification of Data Authenticity. CVSS score: 4.8/10. Published 2020-04-03.

How severe is CVE-2019-18905?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Vulnerability in Suse Linux Enterprise Server 12

CVE-2019-18905

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyas…

EPSS: 0.001 (28.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L.

Affected products

Suse Linux Enterprise Server 12 — versions autoyast2
Suse Linux Enterprise Server 15 — versions autoyast2

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)
openSUSE-SU-2020:0676 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2019-18905?: CVE-2019-18905 is a medium-severity vulnerability in Suse Linux Enterprise Server 12, classified under Insufficient Verification of Data Authenticity. CVSS score: 4.8/10. Published 2020-04-03.
How severe is CVE-2019-18905?: Medium severity. CVSS v3 base score is 4.8 out of 10.