CVE-2013-3712

critical

Published 2014-02-26 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.suse.com/support/update/announcement/2014/suse-su-20140254-1.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/57050

Application impact

Vendor	Product	Versions
suse	studio_extension_for_system_z	`1.3`
suse	studio_onsite	`1.3`
suse	studio_onsite	`1.3.1`
suse	studio_onsite	`1.3.2`
suse	studio_onsite	`1.3.3`
suse	studio_onsite	`1.3.4`
suse	studio_onsite	`1.3.5`

References

http://secunia.com/advisories/57050
https://www.suse.com/support/update/announcement/2014/suse-su-20140254-1.html
http://secunia.com/advisories/57050
https://www.suse.com/support/update/announcement/2014/suse-su-20140254-1.html

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.