Description
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Affected products
- openSUSE / openSUSE Leap 15.1openldap2 – 2.4.46-lp151.10.18.1
- openSUSE / openSUSE Leap 15.2openldap2 – 2.4.46-lp152.14.9.1
- SUSE / SUSE Linux Enterprise Server 15-LTSSopenldap2 – 2.4.46-9.37.1
- SUSE / SUSE Linux Enterprise Server for SAP 15openldap2 – 2.4.46-9.37.1