Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html | Mailing List Patch Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-1513.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-1514.html | Vendor Advisory |
https://access.redhat.com/site/articles/539283 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1024614 | Issue Tracking Vendor Advisory |
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html | Mailing List Patch Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-1513.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-1514.html | Vendor Advisory |
https://access.redhat.com/site/articles/539283 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1024614 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html - Mailing List, Patch, Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2013-1513.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2013-1514.html - Vendor Advisory | |
References | () https://access.redhat.com/site/articles/539283 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1024614 - Issue Tracking, Vendor Advisory |
25 Feb 2022, 19:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-668 | |
CPE | cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:4.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:4.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:3.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:4.0:*:*:*:*:*:*:* |
cpe:2.3:o:suse:linux_enterprise:11.0:sp2:*:*:*:*:*:* cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.3:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.5:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.2:*:*:*:*:*:*:* cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:* |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1024614 - Issue Tracking, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html - Mailing List, Patch, Vendor Advisory |
03 Feb 2022, 16:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:network_satellite:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:network_satellite:4.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:network_satellite:5.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:network_satellite:4.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:network_satellite:5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:network_satellite:3.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:network_satellite:5.5:*:*:*:*:*:*:* |
cpe:2.3:a:redhat:satellite:4.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:4.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:3.7:*:*:*:*:*:*:* |
Information
Published : 2013-11-18 02:55
Updated : 2024-11-21 01:55
NVD link : CVE-2013-4480
Mitre link : CVE-2013-4480
CVE.ORG link : CVE-2013-4480
JSON object : View
Products Affected
suse
- linux_enterprise
- manager
redhat
- satellite
- satellite_with_embedded_oracle
- network_satellite
CWE
CWE-668
Exposure of Resource to Wrong Sphere