CVE-2024-52869: Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is...
Description
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise.
Classification
CVE ID: CVE-2024-52869
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.48% (scored less or equal to compared to others)
EPSS Date: 2025-02-06 (when was this score calculated)
References
https://www.teradata.com/trust-security-center/data-securityhttps://chrismanson.com/CVE/cve-2024-52869.html