Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-20724 (GCVE-0-2018-20724)
Vulnerability from cvelistv5 – Published: 2019-01-16 16:00 – Updated: 2024-08-05 12:12
VLAI
EPSS
Summary
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/Cacti/cacti/issues/2212 | x_refsource_MISC |
| https://github.com/Cacti/cacti/blob/develop/CHANGELOG | x_refsource_MISC |
| https://github.com/Cacti/cacti/commit/1f42478506d… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2019-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:28.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cacti/cacti/issues/2212"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"name": "openSUSE-SU-2020:0272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"name": "openSUSE-SU-2020:0558",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"name": "openSUSE-SU-2020:0565",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-30T20:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cacti/cacti/issues/2212"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"name": "openSUSE-SU-2020:0272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"name": "openSUSE-SU-2020:0558",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"name": "openSUSE-SU-2020:0565",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/issues/2212",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/issues/2212"
},
{
"name": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"name": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"name": "openSUSE-SU-2020:0272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"name": "openSUSE-SU-2020:0558",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"name": "openSUSE-SU-2020:0565",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20724",
"datePublished": "2019-01-16T16:00:00.000Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:12:28.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-20724",
"date": "2026-05-27",
"epss": "0.00583",
"percentile": "0.692"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.0\", \"matchCriteriaId\": \"1C7FEEA7-B141-4E6E-8B73-4DFF4844A341\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad Cross-Site Scripting (XSS) en pollers.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo nombre de host del sitio web para los recolectores de datos.\"}]",
"id": "CVE-2018-20724",
"lastModified": "2024-11-21T04:02:02.300",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-01-16T16:29:00.557",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/Cacti/cacti/blob/develop/CHANGELOG\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Cacti/cacti/issues/2212\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/Cacti/cacti/blob/develop/CHANGELOG\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Cacti/cacti/issues/2212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-20724\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-01-16T16:29:00.557\",\"lastModified\":\"2024-11-21T04:02:02.300\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad Cross-Site Scripting (XSS) en pollers.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo nombre de host del sitio web para los recolectores de datos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"1C7FEEA7-B141-4E6E-8B73-4DFF4844A341\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/Cacti/cacti/blob/develop/CHANGELOG\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/issues/2212\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/Cacti/cacti/blob/develop/CHANGELOG\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/issues/2212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
}
}
CNVD-2019-14552
Vulnerability from cnvd - Published: 2019-05-16
VLAI
Title
Cacti跨站脚本漏洞(CNVD-2019-14552)
Description
Cacti是一款开源、基于web的网络监控和绘图工具,是为数据记录工具RRDtool设计的前端应用程序。
Cacti 1.2.0之前版本中的pollers.php文件的‘Website Hostnam’字段存在跨站脚本漏洞,该漏洞源于程序未能转义非法字符,远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
Severity
低
Patch Name
Cacti跨站脚本漏洞(CNVD-2019-14552)的补丁
Patch Description
Cacti是一款开源、基于web的网络监控和绘图工具,是为数据记录工具RRDtool设计的前端应用程序。
Cacti 1.2.0之前版本中的pollers.php文件的‘Website Hostnam’字段存在跨站脚本漏洞,该漏洞源于程序未能转义非法字符,远程攻击者可利用该漏洞注入任意的Web脚本或HTML。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-20724
Impacted products
| Name | Cacti Cacti <1.2.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-20724"
}
},
"description": "Cacti\u662f\u4e00\u6b3e\u5f00\u6e90\u3001\u57fa\u4e8eweb\u7684\u7f51\u7edc\u76d1\u63a7\u548c\u7ed8\u56fe\u5de5\u5177\uff0c\u662f\u4e3a\u6570\u636e\u8bb0\u5f55\u5de5\u5177RRDtool\u8bbe\u8ba1\u7684\u524d\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\n\nCacti 1.2.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684pollers.php\u6587\u4ef6\u7684\u2018Website Hostnam\u2019\u5b57\u6bb5\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u8f6c\u4e49\u975e\u6cd5\u5b57\u7b26\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
"discovererName": "SegfaultMasters",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-14552",
"openTime": "2019-05-16",
"patchDescription": "Cacti\u662f\u4e00\u6b3e\u5f00\u6e90\u3001\u57fa\u4e8eweb\u7684\u7f51\u7edc\u76d1\u63a7\u548c\u7ed8\u56fe\u5de5\u5177\uff0c\u662f\u4e3a\u6570\u636e\u8bb0\u5f55\u5de5\u5177RRDtool\u8bbe\u8ba1\u7684\u524d\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nCacti 1.2.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684pollers.php\u6587\u4ef6\u7684\u2018Website Hostnam\u2019\u5b57\u6bb5\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u8f6c\u4e49\u975e\u6cd5\u5b57\u7b26\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cacti\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2019-14552\uff09\u7684\u8865\u4e01",
"products": {
"product": "Cacti Cacti \u003c1.2.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20724",
"serverity": "\u4f4e",
"submitTime": "2019-01-17",
"title": "Cacti\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2019-14552\uff09"
}
FKIE_CVE-2018-20724
Vulnerability from fkie_nvd - Published: 2019-01-16 16:29 - Updated: 2024-11-21 04:02
Severity
Summary
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7FEEA7-B141-4E6E-8B73-4DFF4844A341",
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad Cross-Site Scripting (XSS) en pollers.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo nombre de host del sitio web para los recolectores de datos."
}
],
"id": "CVE-2018-20724",
"lastModified": "2024-11-21T04:02:02.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T16:29:00.557",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/issues/2212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/issues/2212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CQQQ-P7HM-4WMF
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
VLAI
Details
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Severity
4.8 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-20724"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-16T16:29:00Z",
"severity": "MODERATE"
},
"details": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"id": "GHSA-cqqq-p7hm-4wmf",
"modified": "2022-05-13T01:28:02Z",
"published": "2022-05-13T01:28:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20724"
},
{
"type": "WEB",
"url": "https://github.com/Cacti/cacti/issues/2212"
},
{
"type": "WEB",
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"type": "WEB",
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2018-20724
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-20724",
"description": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"id": "GSD-2018-20724",
"references": [
"https://www.suse.com/security/cve/CVE-2018-20724.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-20724"
],
"details": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"id": "GSD-2018-20724",
"modified": "2023-12-13T01:22:29.317381Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/issues/2212",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/issues/2212"
},
{
"name": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"name": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"name": "openSUSE-SU-2020:0272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"name": "openSUSE-SU-2020:0558",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"name": "openSUSE-SU-2020:0565",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20724"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/issues/2212",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/issues/2212"
},
{
"name": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53"
},
{
"name": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"name": "openSUSE-SU-2020:0272",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0284",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"
},
{
"name": "openSUSE-SU-2020:0558",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"name": "openSUSE-SU-2020:0565",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
},
"lastModifiedDate": "2020-03-01T22:15Z",
"publishedDate": "2019-01-16T16:29Z"
}
}
}
OPENSUSE-SU-2020:0272-1
Vulnerability from csaf_opensuse - Published: 2020-03-01 17:12 - Updated: 2020-03-01 17:12Summary
Security update for cacti, cacti-spine
Severity
Important
Notes
Title of the patch: Security update for cacti, cacti-spine
Description of the patch: This update for cacti, cacti-spine fixes the following issues:
cacti-spine was updated to version 1.2.9.
Security issues fixed:
- CVE-2009-4112: Fixed a privilege escalation (bsc#1122535).
- CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122245).
- CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122244).
- CVE-2018-20725: Fixed a privilege escalation that could occur under certain conditions (bsc#1122535).
- CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122242).
- CVE-2019-16723: Fixed an authentication bypass vulnerability.
- CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990).
- CVE-2019-17358: Fixed an unsafe deserialization in sanitize_unserialize_selected_items (bsc#1158992).
- CVE-2020-7106: Fixed a potential cross-site scripting (XSS) vulnerability (bsc#1163749).
- CVE-2020-7237: Fixed a remote code execution that affected privileged users via shell metacharacters in the Performance Boost Debug Log field (bsc#1161297).
Non-security issues fixed:
- Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec (boo#1101024).
- Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139).
Patchnames: openSUSE-2020-272
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cacti, cacti-spine",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cacti, cacti-spine fixes the following issues:\n\ncacti-spine was updated to version 1.2.9.\n\n\nSecurity issues fixed:\n\n- CVE-2009-4112: Fixed a privilege escalation (bsc#1122535).\n- CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122245).\n- CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122244).\n- CVE-2018-20725: Fixed a privilege escalation that could occur under certain conditions (bsc#1122535).\n- CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122242).\n- CVE-2019-16723: Fixed an authentication bypass vulnerability.\n- CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990).\n- CVE-2019-17358: Fixed an unsafe deserialization in sanitize_unserialize_selected_items (bsc#1158992).\n- CVE-2020-7106: Fixed a potential cross-site scripting (XSS) vulnerability (bsc#1163749).\n- CVE-2020-7237: Fixed a remote code execution that affected privileged users via shell metacharacters in the Performance Boost Debug Log field (bsc#1161297).\n\n\nNon-security issues fixed:\n\n- Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec (boo#1101024).\n- Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-272",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0272-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0272-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QJH5OTPHSPMFV4CORKBXMWKMQWVD3CC5/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0272-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QJH5OTPHSPMFV4CORKBXMWKMQWVD3CC5/"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1101024",
"url": "https://bugzilla.suse.com/1101024"
},
{
"category": "self",
"summary": "SUSE Bug 1101139",
"url": "https://bugzilla.suse.com/1101139"
},
{
"category": "self",
"summary": "SUSE Bug 1122242",
"url": "https://bugzilla.suse.com/1122242"
},
{
"category": "self",
"summary": "SUSE Bug 1122243",
"url": "https://bugzilla.suse.com/1122243"
},
{
"category": "self",
"summary": "SUSE Bug 1122244",
"url": "https://bugzilla.suse.com/1122244"
},
{
"category": "self",
"summary": "SUSE Bug 1122245",
"url": "https://bugzilla.suse.com/1122245"
},
{
"category": "self",
"summary": "SUSE Bug 1122535",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "self",
"summary": "SUSE Bug 1158990",
"url": "https://bugzilla.suse.com/1158990"
},
{
"category": "self",
"summary": "SUSE Bug 1158992",
"url": "https://bugzilla.suse.com/1158992"
},
{
"category": "self",
"summary": "SUSE Bug 1161297",
"url": "https://bugzilla.suse.com/1161297"
},
{
"category": "self",
"summary": "SUSE Bug 1163749",
"url": "https://bugzilla.suse.com/1163749"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4112 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20723 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20724 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20725 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20726 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17357 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7237 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7237/"
}
],
"title": "Security update for cacti, cacti-spine",
"tracking": {
"current_release_date": "2020-03-01T17:12:57Z",
"generator": {
"date": "2020-03-01T17:12:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0272-1",
"initial_release_date": "2020-03-01T17:12:57Z",
"revision_history": [
{
"date": "2020-03-01T17:12:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.9-lp151.3.3.1.noarch",
"product": {
"name": "cacti-1.2.9-lp151.3.3.1.noarch",
"product_id": "cacti-1.2.9-lp151.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.9-lp151.3.3.1.x86_64",
"product": {
"name": "cacti-spine-1.2.9-lp151.3.3.1.x86_64",
"product_id": "cacti-spine-1.2.9-lp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.9-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch"
},
"product_reference": "cacti-1.2.9-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.9-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
},
"product_reference": "cacti-spine-1.2.9-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4112"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting to contain arbitrary commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4112",
"url": "https://www.suse.com/security/cve/CVE-2009-4112"
},
{
"category": "external",
"summary": "SUSE Bug 1122535 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "external",
"summary": "SUSE Bug 558664 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/558664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "important"
}
],
"title": "CVE-2009-4112"
},
{
"cve": "CVE-2018-20723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20723"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20723",
"url": "https://www.suse.com/security/cve/CVE-2018-20723"
},
{
"category": "external",
"summary": "SUSE Bug 1122245 for CVE-2018-20723",
"url": "https://bugzilla.suse.com/1122245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-20723"
},
{
"cve": "CVE-2018-20724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20724"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20724",
"url": "https://www.suse.com/security/cve/CVE-2018-20724"
},
{
"category": "external",
"summary": "SUSE Bug 1122244 for CVE-2018-20724",
"url": "https://bugzilla.suse.com/1122244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-20724"
},
{
"cve": "CVE-2018-20725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20725"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20725",
"url": "https://www.suse.com/security/cve/CVE-2018-20725"
},
{
"category": "external",
"summary": "SUSE Bug 1122243 for CVE-2018-20725",
"url": "https://bugzilla.suse.com/1122243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-20725"
},
{
"cve": "CVE-2018-20726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20726"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20726",
"url": "https://www.suse.com/security/cve/CVE-2018-20726"
},
{
"category": "external",
"summary": "SUSE Bug 1122242 for CVE-2018-20726",
"url": "https://bugzilla.suse.com/1122242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-20726"
},
{
"cve": "CVE-2019-16723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16723"
}
],
"notes": [
{
"category": "general",
"text": "In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16723",
"url": "https://www.suse.com/security/cve/CVE-2019-16723"
},
{
"category": "external",
"summary": "SUSE Bug 1151788 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1151788"
},
{
"category": "external",
"summary": "SUSE Bug 1214170 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1214170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-16723"
},
{
"cve": "CVE-2019-17357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17357"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17357",
"url": "https://www.suse.com/security/cve/CVE-2019-17357"
},
{
"category": "external",
"summary": "SUSE Bug 1158990 for CVE-2019-17357",
"url": "https://bugzilla.suse.com/1158990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "important"
}
],
"title": "CVE-2019-17357"
},
{
"cve": "CVE-2019-17358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17358"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17358",
"url": "https://www.suse.com/security/cve/CVE-2019-17358"
},
{
"category": "external",
"summary": "SUSE Bug 1158992 for CVE-2019-17358",
"url": "https://bugzilla.suse.com/1158992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-17358"
},
{
"cve": "CVE-2020-7106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7106"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7106",
"url": "https://www.suse.com/security/cve/CVE-2020-7106"
},
{
"category": "external",
"summary": "SUSE Bug 1163749 for CVE-2020-7106",
"url": "https://bugzilla.suse.com/1163749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "moderate"
}
],
"title": "CVE-2020-7106"
},
{
"cve": "CVE-2020-7237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7237"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7237",
"url": "https://www.suse.com/security/cve/CVE-2020-7237"
},
{
"category": "external",
"summary": "SUSE Bug 1161297 for CVE-2020-7237",
"url": "https://bugzilla.suse.com/1161297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:cacti-1.2.9-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.9-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:12:57Z",
"details": "important"
}
],
"title": "CVE-2020-7237"
}
]
}
OPENSUSE-SU-2020:0284-1
Vulnerability from csaf_opensuse - Published: 2020-03-02 12:20 - Updated: 2020-03-02 12:20Summary
Security update for cacti, cacti-spine
Severity
Important
Notes
Title of the patch: Security update for cacti, cacti-spine
Description of the patch: This update for cacti, cacti-spine fixes the following issues:
cacti-spine was updated to version 1.2.9.
Security issues fixed:
- CVE-2009-4112: Fixed a privilege escalation (bsc#1122535).
- CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122245).
- CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122244).
- CVE-2018-20725: Fixed a privilege escalation that could occur under certain conditions (bsc#1122535).
- CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122242).
- CVE-2019-16723: Fixed an authentication bypass vulnerability.
- CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990).
- CVE-2019-17358: Fixed an unsafe deserialization in sanitize_unserialize_selected_items (bsc#1158992).
- CVE-2020-7106: Fixed a potential cross-site scripting (XSS) vulnerability (bsc#1163749).
- CVE-2020-7237: Fixed a remote code execution that affected privileged users via shell metacharacters in the Performance Boost Debug Log field (bsc#1161297).
Non-security issues fixed:
- Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec (boo#1101024).
- Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139).
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames: openSUSE-2020-284
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cacti, cacti-spine",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cacti, cacti-spine fixes the following issues:\n\ncacti-spine was updated to version 1.2.9.\n\n\nSecurity issues fixed:\n\n- CVE-2009-4112: Fixed a privilege escalation (bsc#1122535).\n- CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122245).\n- CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122244).\n- CVE-2018-20725: Fixed a privilege escalation that could occur under certain conditions (bsc#1122535).\n- CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122242).\n- CVE-2019-16723: Fixed an authentication bypass vulnerability.\n- CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990).\n- CVE-2019-17358: Fixed an unsafe deserialization in sanitize_unserialize_selected_items (bsc#1158992).\n- CVE-2020-7106: Fixed a potential cross-site scripting (XSS) vulnerability (bsc#1163749).\n- CVE-2020-7237: Fixed a remote code execution that affected privileged users via shell metacharacters in the Performance Boost Debug Log field (bsc#1161297).\n\n\nNon-security issues fixed:\n\n- Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec (boo#1101024).\n- Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0284-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0284-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E42YKBXB3DG7EDJCOOGLDZ757NRYDL6I/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0284-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E42YKBXB3DG7EDJCOOGLDZ757NRYDL6I/"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1101024",
"url": "https://bugzilla.suse.com/1101024"
},
{
"category": "self",
"summary": "SUSE Bug 1101139",
"url": "https://bugzilla.suse.com/1101139"
},
{
"category": "self",
"summary": "SUSE Bug 1122242",
"url": "https://bugzilla.suse.com/1122242"
},
{
"category": "self",
"summary": "SUSE Bug 1122243",
"url": "https://bugzilla.suse.com/1122243"
},
{
"category": "self",
"summary": "SUSE Bug 1122244",
"url": "https://bugzilla.suse.com/1122244"
},
{
"category": "self",
"summary": "SUSE Bug 1122245",
"url": "https://bugzilla.suse.com/1122245"
},
{
"category": "self",
"summary": "SUSE Bug 1122535",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "self",
"summary": "SUSE Bug 1158990",
"url": "https://bugzilla.suse.com/1158990"
},
{
"category": "self",
"summary": "SUSE Bug 1158992",
"url": "https://bugzilla.suse.com/1158992"
},
{
"category": "self",
"summary": "SUSE Bug 1161297",
"url": "https://bugzilla.suse.com/1161297"
},
{
"category": "self",
"summary": "SUSE Bug 1163749",
"url": "https://bugzilla.suse.com/1163749"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4112 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20723 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20724 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20725 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20726 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17357 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7237 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7237/"
}
],
"title": "Security update for cacti, cacti-spine",
"tracking": {
"current_release_date": "2020-03-02T12:20:59Z",
"generator": {
"date": "2020-03-02T12:20:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0284-1",
"initial_release_date": "2020-03-02T12:20:59Z",
"revision_history": [
{
"date": "2020-03-02T12:20:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"product": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"product_id": "cacti-spine-1.2.9-bp151.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.9-bp151.4.3.1.noarch",
"product": {
"name": "cacti-1.2.9-bp151.4.3.1.noarch",
"product_id": "cacti-1.2.9-bp151.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"product": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"product_id": "cacti-spine-1.2.9-bp151.4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.9-bp151.4.3.1.s390x",
"product": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.s390x",
"product_id": "cacti-spine-1.2.9-bp151.4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.9-bp151.4.3.1.x86_64",
"product": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.x86_64",
"product_id": "cacti-spine-1.2.9-bp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.9-bp151.4.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch"
},
"product_reference": "cacti-1.2.9-bp151.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64"
},
"product_reference": "cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x"
},
"product_reference": "cacti-spine-1.2.9-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.9-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
},
"product_reference": "cacti-spine-1.2.9-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4112"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting to contain arbitrary commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4112",
"url": "https://www.suse.com/security/cve/CVE-2009-4112"
},
{
"category": "external",
"summary": "SUSE Bug 1122535 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "external",
"summary": "SUSE Bug 558664 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/558664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "important"
}
],
"title": "CVE-2009-4112"
},
{
"cve": "CVE-2018-20723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20723"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20723",
"url": "https://www.suse.com/security/cve/CVE-2018-20723"
},
{
"category": "external",
"summary": "SUSE Bug 1122245 for CVE-2018-20723",
"url": "https://bugzilla.suse.com/1122245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-20723"
},
{
"cve": "CVE-2018-20724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20724"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20724",
"url": "https://www.suse.com/security/cve/CVE-2018-20724"
},
{
"category": "external",
"summary": "SUSE Bug 1122244 for CVE-2018-20724",
"url": "https://bugzilla.suse.com/1122244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-20724"
},
{
"cve": "CVE-2018-20725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20725"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20725",
"url": "https://www.suse.com/security/cve/CVE-2018-20725"
},
{
"category": "external",
"summary": "SUSE Bug 1122243 for CVE-2018-20725",
"url": "https://bugzilla.suse.com/1122243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-20725"
},
{
"cve": "CVE-2018-20726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20726"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20726",
"url": "https://www.suse.com/security/cve/CVE-2018-20726"
},
{
"category": "external",
"summary": "SUSE Bug 1122242 for CVE-2018-20726",
"url": "https://bugzilla.suse.com/1122242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-20726"
},
{
"cve": "CVE-2019-16723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16723"
}
],
"notes": [
{
"category": "general",
"text": "In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16723",
"url": "https://www.suse.com/security/cve/CVE-2019-16723"
},
{
"category": "external",
"summary": "SUSE Bug 1151788 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1151788"
},
{
"category": "external",
"summary": "SUSE Bug 1214170 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1214170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-16723"
},
{
"cve": "CVE-2019-17357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17357"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17357",
"url": "https://www.suse.com/security/cve/CVE-2019-17357"
},
{
"category": "external",
"summary": "SUSE Bug 1158990 for CVE-2019-17357",
"url": "https://bugzilla.suse.com/1158990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "important"
}
],
"title": "CVE-2019-17357"
},
{
"cve": "CVE-2019-17358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17358"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17358",
"url": "https://www.suse.com/security/cve/CVE-2019-17358"
},
{
"category": "external",
"summary": "SUSE Bug 1158992 for CVE-2019-17358",
"url": "https://bugzilla.suse.com/1158992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-17358"
},
{
"cve": "CVE-2020-7106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7106"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7106",
"url": "https://www.suse.com/security/cve/CVE-2020-7106"
},
{
"category": "external",
"summary": "SUSE Bug 1163749 for CVE-2020-7106",
"url": "https://bugzilla.suse.com/1163749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "moderate"
}
],
"title": "CVE-2020-7106"
},
{
"cve": "CVE-2020-7237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7237"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7237",
"url": "https://www.suse.com/security/cve/CVE-2020-7237"
},
{
"category": "external",
"summary": "SUSE Bug 1161297 for CVE-2020-7237",
"url": "https://bugzilla.suse.com/1161297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.9-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.9-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-02T12:20:59Z",
"details": "important"
}
],
"title": "CVE-2020-7237"
}
]
}
OPENSUSE-SU-2020:0558-1
Vulnerability from csaf_opensuse - Published: 2020-04-27 18:18 - Updated: 2020-04-27 18:18Summary
Security update for cacti, cacti-spine
Severity
Important
Notes
Title of the patch: Security update for cacti, cacti-spine
Description of the patch: This update for cacti, cacti-spine to version 1.2.11 fixes the following issues:
This update is fixing multiple vulnerabilities and adding bug fixes. For more details consult the changes file.
Patchnames: openSUSE-2020-558
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
52 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cacti, cacti-spine",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cacti, cacti-spine to version 1.2.11 fixes the following issues:\n\nThis update is fixing multiple vulnerabilities and adding bug fixes. For more details consult the changes file.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-558",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0558-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0558-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I7VM65WPOCAD6HUODTOBDF4DOY2KSANI/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0558-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I7VM65WPOCAD6HUODTOBDF4DOY2KSANI/"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1122242",
"url": "https://bugzilla.suse.com/1122242"
},
{
"category": "self",
"summary": "SUSE Bug 1122243",
"url": "https://bugzilla.suse.com/1122243"
},
{
"category": "self",
"summary": "SUSE Bug 1122244",
"url": "https://bugzilla.suse.com/1122244"
},
{
"category": "self",
"summary": "SUSE Bug 1122245",
"url": "https://bugzilla.suse.com/1122245"
},
{
"category": "self",
"summary": "SUSE Bug 1122535",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "self",
"summary": "SUSE Bug 1158990",
"url": "https://bugzilla.suse.com/1158990"
},
{
"category": "self",
"summary": "SUSE Bug 1158992",
"url": "https://bugzilla.suse.com/1158992"
},
{
"category": "self",
"summary": "SUSE Bug 1161297",
"url": "https://bugzilla.suse.com/1161297"
},
{
"category": "self",
"summary": "SUSE Bug 1164675",
"url": "https://bugzilla.suse.com/1164675"
},
{
"category": "self",
"summary": "SUSE Bug 1169215",
"url": "https://bugzilla.suse.com/1169215"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4112 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20723 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20724 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20725 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20726 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17357 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7237 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8813 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8813/"
}
],
"title": "Security update for cacti, cacti-spine",
"tracking": {
"current_release_date": "2020-04-27T18:18:08Z",
"generator": {
"date": "2020-04-27T18:18:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0558-1",
"initial_release_date": "2020-04-27T18:18:08Z",
"revision_history": [
{
"date": "2020-04-27T18:18:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-2.1.aarch64",
"product": {
"name": "cacti-spine-1.2.11-2.1.aarch64",
"product_id": "cacti-spine-1.2.11-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.11-5.1.noarch",
"product": {
"name": "cacti-1.2.11-5.1.noarch",
"product_id": "cacti-1.2.11-5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-2.1.ppc64le",
"product": {
"name": "cacti-spine-1.2.11-2.1.ppc64le",
"product_id": "cacti-spine-1.2.11-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-2.1.s390x",
"product": {
"name": "cacti-spine-1.2.11-2.1.s390x",
"product_id": "cacti-spine-1.2.11-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-2.1.x86_64",
"product": {
"name": "cacti-spine-1.2.11-2.1.x86_64",
"product_id": "cacti-spine-1.2.11-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.11-5.1.noarch as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-1.2.11-5.1.noarch"
},
"product_reference": "cacti-1.2.11-5.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64"
},
"product_reference": "cacti-spine-1.2.11-2.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.11-2.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x"
},
"product_reference": "cacti-spine-1.2.11-2.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64"
},
"product_reference": "cacti-spine-1.2.11-2.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.11-5.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch"
},
"product_reference": "cacti-1.2.11-5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64"
},
"product_reference": "cacti-spine-1.2.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x"
},
"product_reference": "cacti-spine-1.2.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-2.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
},
"product_reference": "cacti-spine-1.2.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4112"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting to contain arbitrary commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4112",
"url": "https://www.suse.com/security/cve/CVE-2009-4112"
},
{
"category": "external",
"summary": "SUSE Bug 1122535 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "external",
"summary": "SUSE Bug 558664 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/558664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "important"
}
],
"title": "CVE-2009-4112"
},
{
"cve": "CVE-2018-20723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20723"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20723",
"url": "https://www.suse.com/security/cve/CVE-2018-20723"
},
{
"category": "external",
"summary": "SUSE Bug 1122245 for CVE-2018-20723",
"url": "https://bugzilla.suse.com/1122245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-20723"
},
{
"cve": "CVE-2018-20724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20724"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20724",
"url": "https://www.suse.com/security/cve/CVE-2018-20724"
},
{
"category": "external",
"summary": "SUSE Bug 1122244 for CVE-2018-20724",
"url": "https://bugzilla.suse.com/1122244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-20724"
},
{
"cve": "CVE-2018-20725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20725"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20725",
"url": "https://www.suse.com/security/cve/CVE-2018-20725"
},
{
"category": "external",
"summary": "SUSE Bug 1122243 for CVE-2018-20725",
"url": "https://bugzilla.suse.com/1122243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-20725"
},
{
"cve": "CVE-2018-20726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20726"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20726",
"url": "https://www.suse.com/security/cve/CVE-2018-20726"
},
{
"category": "external",
"summary": "SUSE Bug 1122242 for CVE-2018-20726",
"url": "https://bugzilla.suse.com/1122242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-20726"
},
{
"cve": "CVE-2019-16723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16723"
}
],
"notes": [
{
"category": "general",
"text": "In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16723",
"url": "https://www.suse.com/security/cve/CVE-2019-16723"
},
{
"category": "external",
"summary": "SUSE Bug 1151788 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1151788"
},
{
"category": "external",
"summary": "SUSE Bug 1214170 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1214170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "moderate"
}
],
"title": "CVE-2019-16723"
},
{
"cve": "CVE-2019-17357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17357"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17357",
"url": "https://www.suse.com/security/cve/CVE-2019-17357"
},
{
"category": "external",
"summary": "SUSE Bug 1158990 for CVE-2019-17357",
"url": "https://bugzilla.suse.com/1158990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "important"
}
],
"title": "CVE-2019-17357"
},
{
"cve": "CVE-2019-17358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17358"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17358",
"url": "https://www.suse.com/security/cve/CVE-2019-17358"
},
{
"category": "external",
"summary": "SUSE Bug 1158992 for CVE-2019-17358",
"url": "https://bugzilla.suse.com/1158992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "moderate"
}
],
"title": "CVE-2019-17358"
},
{
"cve": "CVE-2020-7106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7106"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7106",
"url": "https://www.suse.com/security/cve/CVE-2020-7106"
},
{
"category": "external",
"summary": "SUSE Bug 1163749 for CVE-2020-7106",
"url": "https://bugzilla.suse.com/1163749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "moderate"
}
],
"title": "CVE-2020-7106"
},
{
"cve": "CVE-2020-7237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7237"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7237",
"url": "https://www.suse.com/security/cve/CVE-2020-7237"
},
{
"category": "external",
"summary": "SUSE Bug 1161297 for CVE-2020-7237",
"url": "https://bugzilla.suse.com/1161297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "important"
}
],
"title": "CVE-2020-7237"
},
{
"cve": "CVE-2020-8813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8813"
}
],
"notes": [
{
"category": "general",
"text": "graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8813",
"url": "https://www.suse.com/security/cve/CVE-2020-8813"
},
{
"category": "external",
"summary": "SUSE Bug 1154087 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1154087"
},
{
"category": "external",
"summary": "SUSE Bug 1160867 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1160867"
},
{
"category": "external",
"summary": "SUSE Bug 1164675 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1164675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.11-5.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.11-2.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.11-5.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-27T18:18:08Z",
"details": "critical"
}
],
"title": "CVE-2020-8813"
}
]
}
OPENSUSE-SU-2020:0565-1
Vulnerability from csaf_opensuse - Published: 2020-04-30 15:35 - Updated: 2020-04-30 15:35Summary
Security update for cacti, cacti-spine
Severity
Important
Notes
Title of the patch: Security update for cacti, cacti-spine
Description of the patch: This update for cacti, cacti-spine to version 1.2.11 fixes the following issues:
This update is fixing multiple vulnerabilities and adding bug fixes. For more details consult the changes file.
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames: openSUSE-2020-565
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
52 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cacti, cacti-spine",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cacti, cacti-spine to version 1.2.11 fixes the following issues:\n\nThis update is fixing multiple vulnerabilities and adding bug fixes. For more details consult the changes file.\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-565",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0565-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0565-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZCYZNXPQBT3RNEEVMDXCIG76SLTOPTF5/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0565-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZCYZNXPQBT3RNEEVMDXCIG76SLTOPTF5/"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1122242",
"url": "https://bugzilla.suse.com/1122242"
},
{
"category": "self",
"summary": "SUSE Bug 1122243",
"url": "https://bugzilla.suse.com/1122243"
},
{
"category": "self",
"summary": "SUSE Bug 1122244",
"url": "https://bugzilla.suse.com/1122244"
},
{
"category": "self",
"summary": "SUSE Bug 1122245",
"url": "https://bugzilla.suse.com/1122245"
},
{
"category": "self",
"summary": "SUSE Bug 1122535",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "self",
"summary": "SUSE Bug 1158990",
"url": "https://bugzilla.suse.com/1158990"
},
{
"category": "self",
"summary": "SUSE Bug 1158992",
"url": "https://bugzilla.suse.com/1158992"
},
{
"category": "self",
"summary": "SUSE Bug 1161297",
"url": "https://bugzilla.suse.com/1161297"
},
{
"category": "self",
"summary": "SUSE Bug 1164675",
"url": "https://bugzilla.suse.com/1164675"
},
{
"category": "self",
"summary": "SUSE Bug 1169215",
"url": "https://bugzilla.suse.com/1169215"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4112 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20723 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20724 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20725 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20726 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17357 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7237 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8813 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8813/"
}
],
"title": "Security update for cacti, cacti-spine",
"tracking": {
"current_release_date": "2020-04-30T15:35:25Z",
"generator": {
"date": "2020-04-30T15:35:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0565-1",
"initial_release_date": "2020-04-30T15:35:25Z",
"revision_history": [
{
"date": "2020-04-30T15:35:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"product": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"product_id": "cacti-spine-1.2.11-bp151.4.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.11-bp151.4.6.1.noarch",
"product": {
"name": "cacti-1.2.11-bp151.4.6.1.noarch",
"product_id": "cacti-1.2.11-bp151.4.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"product": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"product_id": "cacti-spine-1.2.11-bp151.4.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-bp151.4.6.1.s390x",
"product": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.s390x",
"product_id": "cacti-spine-1.2.11-bp151.4.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.11-bp151.4.6.1.x86_64",
"product": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.x86_64",
"product_id": "cacti-spine-1.2.11-bp151.4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.11-bp151.4.6.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch"
},
"product_reference": "cacti-1.2.11-bp151.4.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64"
},
"product_reference": "cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x"
},
"product_reference": "cacti-spine-1.2.11-bp151.4.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.11-bp151.4.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
},
"product_reference": "cacti-spine-1.2.11-bp151.4.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4112"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting to contain arbitrary commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4112",
"url": "https://www.suse.com/security/cve/CVE-2009-4112"
},
{
"category": "external",
"summary": "SUSE Bug 1122535 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "external",
"summary": "SUSE Bug 558664 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/558664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "important"
}
],
"title": "CVE-2009-4112"
},
{
"cve": "CVE-2018-20723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20723"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20723",
"url": "https://www.suse.com/security/cve/CVE-2018-20723"
},
{
"category": "external",
"summary": "SUSE Bug 1122245 for CVE-2018-20723",
"url": "https://bugzilla.suse.com/1122245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-20723"
},
{
"cve": "CVE-2018-20724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20724"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20724",
"url": "https://www.suse.com/security/cve/CVE-2018-20724"
},
{
"category": "external",
"summary": "SUSE Bug 1122244 for CVE-2018-20724",
"url": "https://bugzilla.suse.com/1122244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-20724"
},
{
"cve": "CVE-2018-20725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20725"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20725",
"url": "https://www.suse.com/security/cve/CVE-2018-20725"
},
{
"category": "external",
"summary": "SUSE Bug 1122243 for CVE-2018-20725",
"url": "https://bugzilla.suse.com/1122243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-20725"
},
{
"cve": "CVE-2018-20726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20726"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20726",
"url": "https://www.suse.com/security/cve/CVE-2018-20726"
},
{
"category": "external",
"summary": "SUSE Bug 1122242 for CVE-2018-20726",
"url": "https://bugzilla.suse.com/1122242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-20726"
},
{
"cve": "CVE-2019-16723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16723"
}
],
"notes": [
{
"category": "general",
"text": "In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16723",
"url": "https://www.suse.com/security/cve/CVE-2019-16723"
},
{
"category": "external",
"summary": "SUSE Bug 1151788 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1151788"
},
{
"category": "external",
"summary": "SUSE Bug 1214170 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1214170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "moderate"
}
],
"title": "CVE-2019-16723"
},
{
"cve": "CVE-2019-17357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17357"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17357",
"url": "https://www.suse.com/security/cve/CVE-2019-17357"
},
{
"category": "external",
"summary": "SUSE Bug 1158990 for CVE-2019-17357",
"url": "https://bugzilla.suse.com/1158990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "important"
}
],
"title": "CVE-2019-17357"
},
{
"cve": "CVE-2019-17358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17358"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17358",
"url": "https://www.suse.com/security/cve/CVE-2019-17358"
},
{
"category": "external",
"summary": "SUSE Bug 1158992 for CVE-2019-17358",
"url": "https://bugzilla.suse.com/1158992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "moderate"
}
],
"title": "CVE-2019-17358"
},
{
"cve": "CVE-2020-7106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7106"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7106",
"url": "https://www.suse.com/security/cve/CVE-2020-7106"
},
{
"category": "external",
"summary": "SUSE Bug 1163749 for CVE-2020-7106",
"url": "https://bugzilla.suse.com/1163749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "moderate"
}
],
"title": "CVE-2020-7106"
},
{
"cve": "CVE-2020-7237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7237"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7237",
"url": "https://www.suse.com/security/cve/CVE-2020-7237"
},
{
"category": "external",
"summary": "SUSE Bug 1161297 for CVE-2020-7237",
"url": "https://bugzilla.suse.com/1161297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "important"
}
],
"title": "CVE-2020-7237"
},
{
"cve": "CVE-2020-8813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8813"
}
],
"notes": [
{
"category": "general",
"text": "graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8813",
"url": "https://www.suse.com/security/cve/CVE-2020-8813"
},
{
"category": "external",
"summary": "SUSE Bug 1154087 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1154087"
},
{
"category": "external",
"summary": "SUSE Bug 1160867 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1160867"
},
{
"category": "external",
"summary": "SUSE Bug 1164675 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1164675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.11-bp151.4.6.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.11-bp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-30T15:35:25Z",
"details": "critical"
}
],
"title": "CVE-2020-8813"
}
]
}
OPENSUSE-SU-2024:10670-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
cacti-1.2.18-1.2 on GA media
Severity
Moderate
Notes
Title of the patch: cacti-1.2.18-1.2 on GA media
Description of the patch: These are all security issues fixed in the cacti-1.2.18-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10670
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
104 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cacti-1.2.18-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cacti-1.2.18-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10670",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10670-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-6799 page",
"url": "https://www.suse.com/security/cve/CVE-2006-6799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3112 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4112 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4000 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10970 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11163 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11691 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12065 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12927 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12978 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15194 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16641 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16660 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16785 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20723 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20724 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20725 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20726 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17357 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13625 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14295 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14424 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25706 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35701 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7237 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8813 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8813/"
}
],
"title": "cacti-1.2.18-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10670-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.18-1.2.aarch64",
"product": {
"name": "cacti-1.2.18-1.2.aarch64",
"product_id": "cacti-1.2.18-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.18-1.2.ppc64le",
"product": {
"name": "cacti-1.2.18-1.2.ppc64le",
"product_id": "cacti-1.2.18-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.18-1.2.s390x",
"product": {
"name": "cacti-1.2.18-1.2.s390x",
"product_id": "cacti-1.2.18-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.18-1.2.x86_64",
"product": {
"name": "cacti-1.2.18-1.2.x86_64",
"product_id": "cacti-1.2.18-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.18-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64"
},
"product_reference": "cacti-1.2.18-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.18-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le"
},
"product_reference": "cacti-1.2.18-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.18-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x"
},
"product_reference": "cacti-1.2.18-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.18-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
},
"product_reference": "cacti-1.2.18-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-6799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-6799"
}
],
"notes": [
{
"category": "general",
"text": "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-6799",
"url": "https://www.suse.com/security/cve/CVE-2006-6799"
},
{
"category": "external",
"summary": "SUSE Bug 231082 for CVE-2006-6799",
"url": "https://bugzilla.suse.com/231082"
},
{
"category": "external",
"summary": "SUSE Bug 236724 for CVE-2006-6799",
"url": "https://bugzilla.suse.com/236724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-6799"
},
{
"cve": "CVE-2007-3112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3112"
}
],
"notes": [
{
"category": "general",
"text": "graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3112",
"url": "https://www.suse.com/security/cve/CVE-2007-3112"
},
{
"category": "external",
"summary": "SUSE Bug 326228 for CVE-2007-3112",
"url": "https://bugzilla.suse.com/326228"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-3112"
},
{
"cve": "CVE-2009-4112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4112"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting to contain arbitrary commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4112",
"url": "https://www.suse.com/security/cve/CVE-2009-4112"
},
{
"category": "external",
"summary": "SUSE Bug 1122535 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/1122535"
},
{
"category": "external",
"summary": "SUSE Bug 558664 for CVE-2009-4112",
"url": "https://bugzilla.suse.com/558664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2009-4112"
},
{
"cve": "CVE-2014-4000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4000"
}
],
"notes": [
{
"category": "general",
"text": "Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4000",
"url": "https://www.suse.com/security/cve/CVE-2014-4000"
},
{
"category": "external",
"summary": "SUSE Bug 1022564 for CVE-2014-4000",
"url": "https://bugzilla.suse.com/1022564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-4000"
},
{
"cve": "CVE-2017-10970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10970"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10970",
"url": "https://www.suse.com/security/cve/CVE-2017-10970"
},
{
"category": "external",
"summary": "SUSE Bug 1047512 for CVE-2017-10970",
"url": "https://bugzilla.suse.com/1047512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-10970"
},
{
"cve": "CVE-2017-11163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11163"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11163",
"url": "https://www.suse.com/security/cve/CVE-2017-11163"
},
{
"category": "external",
"summary": "SUSE Bug 1048102 for CVE-2017-11163",
"url": "https://bugzilla.suse.com/1048102"
},
{
"category": "external",
"summary": "SUSE Bug 1051633 for CVE-2017-11163",
"url": "https://bugzilla.suse.com/1051633"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-11163"
},
{
"cve": "CVE-2017-11691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11691"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11691",
"url": "https://www.suse.com/security/cve/CVE-2017-11691"
},
{
"category": "external",
"summary": "SUSE Bug 1050950 for CVE-2017-11691",
"url": "https://bugzilla.suse.com/1050950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-11691"
},
{
"cve": "CVE-2017-12065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12065"
}
],
"notes": [
{
"category": "general",
"text": "spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12065",
"url": "https://www.suse.com/security/cve/CVE-2017-12065"
},
{
"category": "external",
"summary": "SUSE Bug 1051633 for CVE-2017-12065",
"url": "https://bugzilla.suse.com/1051633"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-12065"
},
{
"cve": "CVE-2017-12927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12927"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12927",
"url": "https://www.suse.com/security/cve/CVE-2017-12927"
},
{
"category": "external",
"summary": "SUSE Bug 1054390 for CVE-2017-12927",
"url": "https://bugzilla.suse.com/1054390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-12927"
},
{
"cve": "CVE-2017-12978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12978"
}
],
"notes": [
{
"category": "general",
"text": "lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12978",
"url": "https://www.suse.com/security/cve/CVE-2017-12978"
},
{
"category": "external",
"summary": "SUSE Bug 1054742 for CVE-2017-12978",
"url": "https://bugzilla.suse.com/1054742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12978"
},
{
"cve": "CVE-2017-15194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15194"
}
],
"notes": [
{
"category": "general",
"text": "include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15194",
"url": "https://www.suse.com/security/cve/CVE-2017-15194"
},
{
"category": "external",
"summary": "SUSE Bug 1062554 for CVE-2017-15194",
"url": "https://bugzilla.suse.com/1062554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-15194"
},
{
"cve": "CVE-2017-16641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16641"
}
],
"notes": [
{
"category": "general",
"text": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16641",
"url": "https://www.suse.com/security/cve/CVE-2017-16641"
},
{
"category": "external",
"summary": "SUSE Bug 1067166 for CVE-2017-16641",
"url": "https://bugzilla.suse.com/1067166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-16641"
},
{
"cve": "CVE-2017-16660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16660"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16660",
"url": "https://www.suse.com/security/cve/CVE-2017-16660"
},
{
"category": "external",
"summary": "SUSE Bug 1067164 for CVE-2017-16660",
"url": "https://bugzilla.suse.com/1067164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-16660"
},
{
"cve": "CVE-2017-16661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16661"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16661",
"url": "https://www.suse.com/security/cve/CVE-2017-16661"
},
{
"category": "external",
"summary": "SUSE Bug 1067163 for CVE-2017-16661",
"url": "https://bugzilla.suse.com/1067163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16661"
},
{
"cve": "CVE-2017-16785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16785"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16785",
"url": "https://www.suse.com/security/cve/CVE-2017-16785"
},
{
"category": "external",
"summary": "SUSE Bug 1068028 for CVE-2017-16785",
"url": "https://bugzilla.suse.com/1068028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16785"
},
{
"cve": "CVE-2018-20723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20723"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20723",
"url": "https://www.suse.com/security/cve/CVE-2018-20723"
},
{
"category": "external",
"summary": "SUSE Bug 1122245 for CVE-2018-20723",
"url": "https://bugzilla.suse.com/1122245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20723"
},
{
"cve": "CVE-2018-20724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20724"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20724",
"url": "https://www.suse.com/security/cve/CVE-2018-20724"
},
{
"category": "external",
"summary": "SUSE Bug 1122244 for CVE-2018-20724",
"url": "https://bugzilla.suse.com/1122244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20724"
},
{
"cve": "CVE-2018-20725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20725"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20725",
"url": "https://www.suse.com/security/cve/CVE-2018-20725"
},
{
"category": "external",
"summary": "SUSE Bug 1122243 for CVE-2018-20725",
"url": "https://bugzilla.suse.com/1122243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20725"
},
{
"cve": "CVE-2018-20726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20726"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20726",
"url": "https://www.suse.com/security/cve/CVE-2018-20726"
},
{
"category": "external",
"summary": "SUSE Bug 1122242 for CVE-2018-20726",
"url": "https://bugzilla.suse.com/1122242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20726"
},
{
"cve": "CVE-2019-16723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16723"
}
],
"notes": [
{
"category": "general",
"text": "In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16723",
"url": "https://www.suse.com/security/cve/CVE-2019-16723"
},
{
"category": "external",
"summary": "SUSE Bug 1151788 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1151788"
},
{
"category": "external",
"summary": "SUSE Bug 1214170 for CVE-2019-16723",
"url": "https://bugzilla.suse.com/1214170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16723"
},
{
"cve": "CVE-2019-17357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17357"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17357",
"url": "https://www.suse.com/security/cve/CVE-2019-17357"
},
{
"category": "external",
"summary": "SUSE Bug 1158990 for CVE-2019-17357",
"url": "https://bugzilla.suse.com/1158990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17357"
},
{
"cve": "CVE-2019-17358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17358"
}
],
"notes": [
{
"category": "general",
"text": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17358",
"url": "https://www.suse.com/security/cve/CVE-2019-17358"
},
{
"category": "external",
"summary": "SUSE Bug 1158992 for CVE-2019-17358",
"url": "https://bugzilla.suse.com/1158992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17358"
},
{
"cve": "CVE-2020-11022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11022"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://www.suse.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190663 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1190663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-13625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13625"
}
],
"notes": [
{
"category": "general",
"text": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13625",
"url": "https://www.suse.com/security/cve/CVE-2020-13625"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-13625",
"url": "https://bugzilla.suse.com/1173090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-13625"
},
{
"cve": "CVE-2020-14295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14295"
}
],
"notes": [
{
"category": "general",
"text": "A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14295",
"url": "https://www.suse.com/security/cve/CVE-2020-14295"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-14295",
"url": "https://bugzilla.suse.com/1173090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14295"
},
{
"cve": "CVE-2020-14424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14424"
}
],
"notes": [
{
"category": "general",
"text": "Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14424",
"url": "https://www.suse.com/security/cve/CVE-2020-14424"
},
{
"category": "external",
"summary": "SUSE Bug 1188188 for CVE-2020-14424",
"url": "https://bugzilla.suse.com/1188188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14424"
},
{
"cve": "CVE-2020-25706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25706"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25706",
"url": "https://www.suse.com/security/cve/CVE-2020-25706"
},
{
"category": "external",
"summary": "SUSE Bug 1174850 for CVE-2020-25706",
"url": "https://bugzilla.suse.com/1174850"
},
{
"category": "external",
"summary": "SUSE Bug 1178677 for CVE-2020-25706",
"url": "https://bugzilla.suse.com/1178677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25706"
},
{
"cve": "CVE-2020-35701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35701"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35701",
"url": "https://www.suse.com/security/cve/CVE-2020-35701"
},
{
"category": "external",
"summary": "SUSE Bug 1180804 for CVE-2020-35701",
"url": "https://bugzilla.suse.com/1180804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-35701"
},
{
"cve": "CVE-2020-7106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7106"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7106",
"url": "https://www.suse.com/security/cve/CVE-2020-7106"
},
{
"category": "external",
"summary": "SUSE Bug 1163749 for CVE-2020-7106",
"url": "https://bugzilla.suse.com/1163749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-7106"
},
{
"cve": "CVE-2020-7237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7237"
}
],
"notes": [
{
"category": "general",
"text": "Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7237",
"url": "https://www.suse.com/security/cve/CVE-2020-7237"
},
{
"category": "external",
"summary": "SUSE Bug 1161297 for CVE-2020-7237",
"url": "https://bugzilla.suse.com/1161297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-7237"
},
{
"cve": "CVE-2020-8813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8813"
}
],
"notes": [
{
"category": "general",
"text": "graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8813",
"url": "https://www.suse.com/security/cve/CVE-2020-8813"
},
{
"category": "external",
"summary": "SUSE Bug 1154087 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1154087"
},
{
"category": "external",
"summary": "SUSE Bug 1160867 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1160867"
},
{
"category": "external",
"summary": "SUSE Bug 1164675 for CVE-2020-8813",
"url": "https://bugzilla.suse.com/1164675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.18-1.2.aarch64",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.s390x",
"openSUSE Tumbleweed:cacti-1.2.18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-8813"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…