Oval Definition:oval:org.opensuse.security:def:20207237
Revision Date:2022-06-30Version:1
Title:CVE-2020-7237
Description:

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2020-7237
openSUSE-SU-2020:0272-1
openSUSE-SU-2020:0284-1
openSUSE-SU-2020:0558-1
openSUSE-SU-2020:0565-1
Mitre CVE-2020-7237
SUSE CVE-2020-7237
openSUSE-SU-2020:0272-1
openSUSE-SU-2020:0284-1
openSUSE-SU-2020:0558-1
openSUSE-SU-2020:0565-1
Platform(s):openSUSE Leap 15.1
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 12
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • cacti-1.2.11-lp151.3.6 is installed
  • AND cacti is signed with openSUSE key
  • OR
  • cacti-spine-1.2.11-lp151.3.6 is installed
  • AND cacti-spine is signed with openSUSE key
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND Package Information
  • cacti-1.2.11-5 is installed
  • OR cacti-spine-1.2.11-2 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND cacti-1.2.18-1.2 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND Package Information
  • cacti-1.2.11-bp151.4.6.1 is installed
  • OR cacti-spine-1.2.11-bp151.4.6.1 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND Package Information
  • cacti-1.2.11-5.1 is installed
  • OR cacti-spine-1.2.11-2.1 is installed
    • BACK