Published: 15/03/2018 Updated: 28/02/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SchedMD Slurm prior to 17.02.10 and 17.11.x prior to 17.11.5 allows SQL Injection attacks against SlurmDBD.

Vulnerable Product	Search on Vulmon	Subscribe to Product
schedmd slurm
schedmd slurm 17.11.0.0
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #893044 slurm-llnl: CVE-2018-7033: Issue in accounting_storage/mysql plugin by always escaping strings within the slurmdbd Package: src:slurm-llnl; Maintainer for src:slurm-llnl is Debian HPC Team <debian-hpc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 ...

Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-7033 Incomplete sanitization of user-provided text strings could lead to SQL injection att ...

CWE-89 https://www.schedmd.com/news.php?id=201 https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html https://lists.debian.org/debian-lts-announce/2018/04/msg00032.html https://lists.debian.org/debian-lts-announce/2018/07/msg00029.html https://www.debian.org/security/2018/dsa-4254 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893044 https://nvd.nist.gov https://www.debian.org/security/./dsa-4254

CVE-2018-7033

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect