CVE-2017-7435
8.1
HIGH
CVSS 3.1
EPSS 0.45%
Description
In libzypp before 20170803 it was possible to add unsigned YUM repositories without any warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into a user's system.
How to fix CVE-2017-7435
To remediate CVE-2017-7435, upgrade the affected package to a fixed version below.
- Debian/libzypp—upgrade to 17.3.1-1 or later
Is CVE-2017-7435 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 17.3.1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |