vulnerability
SUSE: CVE-2017-5592: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 9, 2017 | Feb 22, 2017 | Feb 12, 2020 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 9, 2017
Added
Feb 22, 2017
Modified
Feb 12, 2020
Description
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).
Solution(s)
suse-upgrade-profanitysuse-upgrade-profanity-debuginfosuse-upgrade-profanity-debugsourcesuse-upgrade-profanity-minisuse-upgrade-profanity-mini-debuginfosuse-upgrade-profanity-standardsuse-upgrade-profanity-standard-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.