Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Vulnerability Description
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
CVSS Information
N/A
Vulnerability Type
CWE-1270
Vulnerability Title
SUSE Manager 日志信息泄露漏洞
Vulnerability Description
SUSE Manager是德国SUSE公司的一套Linux服务器管理系统。该系统提供自动化软件管理、系统配置和监控等功能。 SUSE Manager Server Module 4.2 4.2.50-150300.3.66.5 之前版本、 SUSE Manager Server Module 4.3 4.3.58-150400.3.46.4 之前版本存在日志信息泄露漏洞,该漏洞源于spacewalk-java会将敏感信息插入日志文件,导致敏感信息被记录。
CVSS Information
N/A
Vulnerability Type
N/A