CVE-2018-12471: External Entity processing in the RegistrationSharing module
First published: Thu Oct 04 2018(Updated: )
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suse Subscription Management Tool | <3.0.37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-12471?
CVE-2018-12471 has been classified with a medium severity level due to its potential to disclose sensitive information.
How do I fix CVE-2018-12471?
To mitigate CVE-2018-12471, upgrade to SUSE Linux SMT version 3.0.37 or later.
What kind of attacks can exploit CVE-2018-12471?
CVE-2018-12471 can be exploited by remote attackers to read sensitive data or cause a denial of service.
Which versions of SUSE Linux SMT are affected by CVE-2018-12471?
CVE-2018-12471 affects SUSE Linux SMT versions prior to 3.0.37.
What is an External Entity Reference (XXE) vulnerability?
An External Entity Reference (XXE) vulnerability allows attackers to interfere with the processing of XML data.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/suse
- canonical/suse subscription management tool