CVE-2019-14868 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-14868 Interim 1 19 2023-02-13T01:21:53Z current 2021-05-30T14:30:42Z 2023-02-13T01:21:53Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-14868 In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Software Development Kit 12 SP5 ksh ksh-devel ksh as a component of SUSE Linux Enterprise Module for Legacy 12 ksh as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata ksh as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata ksh as a component of SUSE Linux Enterprise Server 11 SP4 LTSS ksh-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 ksh as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 ksh-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 ksh as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. CVE-2019-14868 SUSE Linux Enterprise Module for Legacy 12:ksh SUSE Linux Enterprise Server 11 SP1 for Teradata:ksh SUSE Linux Enterprise Server 11 SP3 for Teradata:ksh SUSE Linux Enterprise Server 11 SP4 LTSS:ksh SUSE Linux Enterprise Software Development Kit 12 SP4:ksh SUSE Linux Enterprise Software Development Kit 12 SP4:ksh-devel SUSE Linux Enterprise Software Development Kit 12 SP5:ksh SUSE Linux Enterprise Software Development Kit 12 SP5:ksh-devel moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H