CVE-2017-14807

Name of the Vulnerable Software and Affected Versions: SUSE Studio onsite susestudio-ui-server versions 1.3.17-56.6.3 and prior versions

Description: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') issue allows remote attackers with admin privileges in Studio to alter SQL statements, enabling the extraction and modification of data.

Recommendations: For SUSE Studio onsite susestudio-ui-server versions 1.3.17-56.6.3 and prior versions, update to a version later than 1.3.17-56.6.3 to resolve the issue. As a temporary workaround, consider restricting access to the SQL commands to minimize the risk of exploitation.