CVE-2017-5182 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-5182 Interim 1 3 2021-06-09T12:53:39Z current 2021-05-30T13:52:00Z 2021-06-09T12:53:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-5182 Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/kb/doc/?id=7014420 E-Mail link for TID7014420 https://www.suse.com/support/kb/doc/?id=7016875 E-Mail link for TID7016875 https://www.suse.com/support/kb/doc/?id=7017947 E-Mail link for TID7017947 https://www.suse.com/support/kb/doc/?id=7018503 E-Mail link for TID7018503 https://www.suse.com/support/kb/doc/?id=7021068 E-Mail link for TID7021068 https://www.suse.com/support/security/rating/ SUSE Security Ratings Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). CVE-2017-5182 important 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N