Jan Hutař

Pesquisador deRed Hat
#13487de 53,779
19.7CVSS total
Vulnerabilidades · 4
Baixa
1
Média
3
PT-2018-5379
5.4
2018-07-26
Red Hat · Red Hat Satellite · CVE-2017-12175
**Name of the Vulnerable Software and Affected Versions** Red Hat Satellite versions prior to 6.5 **Description** The issue is related to a XSS when using the autocomplete functionality while entering a filter in the discovery rule. **Recommendations** For versions prior to 6.5, update to version 6.5 or later to resolve the issue.
PT-2017-6158
2.1
2017-06-06
Red Hat · Red Hat Satellite · CVE-2014-8180
**Name of the Vulnerable Software and Affected Versions** Red Hat Satellite 6 (affected versions not specified) **Description** The issue allows local users to bypass authentication by logging in with an empty password, which can lead to the deletion of information and cause a Denial of Service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2016-5368
6.1
2016-05-19
Red Hat · Red Hat Satellite · CVE-2016-3097
**Name of the Vulnerable Software and Affected Versions** Red Hat Satellite version 5.7 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a group name when viewing snapshot data. **Recommendations** For Red Hat Satellite version 5.7, update to a version that includes the fix for this issue to prevent remote attackers from injecting arbitrary web script or HTML.
PT-2016-5360
6.1
2016-04-14
Red Hat · Red Hat Satellite · CVE-2016-3079
**Name of the Vulnerable Software and Affected Versions** Red Hat Satellite versions 5.7 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via several vectors, including the PATH INFO to "systems/SystemEntitlements.do" API endpoint, the `label` parameter to "admin/multiorg/EntitlementDetails.do" API endpoint, the name of a snapshot tag, or the name of a system group in System Set Manager (SSM). **Recommendations** For Red Hat Satellite version 5.7, consider disabling access to the vulnerable API endpoints "systems/SystemEntitlements.do" and "admin/multiorg/EntitlementDetails.do" until a patch is available. Restrict the ability to create or modify snapshot tags and system groups in SSM to minimize the risk of exploitation. Avoid using the `label` parameter in the affected API endpoint until the issue is resolved.