CVE-2017-14804 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Affected Products (NVD)

Vendor	Product	Version
opensuse	leap	42.2
opensuse	leap	42.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

obs-build

bookworm	20210120-4 fixed
bullseye	20190710-1 fixed
jessie	no-dsa
sid	20210120-4 fixed
trixie	20210120-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

obs-build

artful	ignored
bionic	needed
cosmic	not-affected
disco	not-affected
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	needed

openSUSE / SLES Releases

openSUSE Product

Release

build

suse enterprise desktop 15 SP2	20200124.1-1.21 fixed
suse enterprise sap 15 SP2	20200124.1-1.21 fixed
suse enterprise server 15 SP2	20200124.1-1.21 fixed

build-20190128

suse enterprise desktop 15	3.3.2 fixed
suse enterprise desktop 15 SP1	3.3.2 fixed
suse enterprise sap 15	3.3.2 fixed
suse enterprise sap 15 SP1	3.3.2 fixed
suse enterprise server 15	3.3.2 fixed
suse enterprise server 15 SP1	3.3.2 fixed

build-20210120

suse enterprise desktop 15 SP3	3.6.1 fixed
suse enterprise desktop 15 SP4	6.1 fixed
suse enterprise sap 15 SP3	3.6.1 fixed
suse enterprise sap 15 SP4	6.1 fixed
suse enterprise server 15 SP3	3.6.1 fixed
suse enterprise server 15 SP4	6.1 fixed

build-20230215

suse enterprise desktop 15 SP5	150200.15.1 fixed
suse enterprise desktop 15 SP6	150200.15.1 fixed
suse enterprise sap 15 SP5	150200.15.1 fixed
suse enterprise sap 15 SP6	150200.15.1 fixed
suse enterprise server 15 SP5	150200.15.1 fixed
suse enterprise server 15 SP6	150200.15.1 fixed

build-20250306

suse enterprise desktop 15 SP7	150200.19.1 fixed
suse enterprise sap 15 SP7	150200.19.1 fixed
suse enterprise server 15 SP7	150200.19.1 fixed

build-mkbaselibs

suse enterprise desktop 15 SP2	20200124.1-1.21 fixed
suse enterprise sap 15 SP2	20200124.1-1.21 fixed
suse enterprise server 15 SP2	20200124.1-1.21 fixed

build-mkbaselibs-20190128

suse enterprise desktop 15	3.3.2 fixed
suse enterprise desktop 15 SP1	3.3.2 fixed
suse enterprise sap 15	3.3.2 fixed
suse enterprise sap 15 SP1	3.3.2 fixed
suse enterprise server 15	3.3.2 fixed
suse enterprise server 15 SP1	3.3.2 fixed

build-mkbaselibs-20210120

suse enterprise desktop 15 SP3	3.6.1 fixed
suse enterprise desktop 15 SP4	6.1 fixed
suse enterprise sap 15 SP3	3.6.1 fixed
suse enterprise sap 15 SP4	6.1 fixed
suse enterprise server 15 SP3	3.6.1 fixed
suse enterprise server 15 SP4	6.1 fixed

build-mkbaselibs-20230215

suse enterprise desktop 15 SP5	150200.15.1 fixed
suse enterprise desktop 15 SP6	150200.15.1 fixed
suse enterprise sap 15 SP5	150200.15.1 fixed
suse enterprise sap 15 SP6	150200.15.1 fixed
suse enterprise server 15 SP5	150200.15.1 fixed
suse enterprise server 15 SP6	150200.15.1 fixed

build-mkbaselibs-20250306

suse enterprise desktop 15 SP7	150200.19.1 fixed
suse enterprise sap 15 SP7	150200.19.1 fixed
suse enterprise server 15 SP7	150200.19.1 fixed

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html