CVE-2018-12471
MEDIUMSUSE Linux SMT < 3.0.37 - XML External Entity Injection
Title source: llmDescription
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
References (1)
Core 1
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1103809
Scores
CVSS v3
6.5
EPSS
0.0051
EPSS Percentile
66.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (1)
suse/subscription_management_tool
< 3.0.37
Published
Oct 04, 2018
Tracked Since
Feb 18, 2026