CVE-2013-4415

Name of the Vulnerable Software and Affected Versions Red Hat Network (RHN) Satellite versions 5.6 Spacewalk versions 5.6

Description The issue allows remote attackers to inject arbitrary web script or HTML via various variables in different searches, including software channels search, scap audit results search, errata search, and systems search. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of vulnerable variables such as whereCriteria, end year, start hour, end am pm, end day, end hour, end minute, end month, end year, optionScanDateSearch, result filter, search string, show as, start am pm, start day, start hour, start minute, start month, start year, whereToSearch, end minute, end month, end year, errata type bug, errata type enhancement, errata type security, fineGrained, list 1892635924 sortdir, optionIssueDateSearch, start am pm, start day, start hour, start minute, start month, start year, view mode, and fineGrained.

Recommendations For Red Hat Network (RHN) Satellite version 5.6, consider disabling the affected searches until a patch is available. For Spacewalk version 5.6, restrict access to the vulnerable variables to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable variables in the affected API endpoints until the issue is resolved.