An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4 allows attackers who can trick users into using specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426; openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
Published 2023-02-07 10:15:53
Updated 2023-02-14 23:29:14
Source SUSE
Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2023-22643

EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
Percentile: ~23% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2023-22643

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N | 1.0 | 5.2 | SUSE |
| 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |

CWE ids for CVE-2023-22643

References for CVE-2023-22643

Products affected by CVE-2023-22643
