🛡️ CVE-2023-22643
🟡 CVSS 6.3 — Medium ⚠️ Exploit Public CWE-78 NVD
6.3
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.

Details

Severity MEDIUM
CVSS Score 6.3
CVSS Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE CWE-78
Public Exploit ⚠️ Yes
Source NVD
Published 2023-02-07
Updated 2026-06-08
Modified 2024-11-21

Affected Packages

Software From version Fixed in
libzypp-plugin-appdata 1.0.1\+git.20180426

References

Exploit, Issue Tracking, Patch, Vendor Advisory https://bugzilla.suse.com/show_bug.cgi?id=1206836
Exploit, Issue Tracking, Patch, Vendor Advisory https://bugzilla.suse.com/show_bug.cgi?id=1206836

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.