Red Hat · Katello · CVE-2018-14623
**Name of the Vulnerable Software and Affected Versions**
katello versions 3.10 and older
**Description**
A SQL injection flaw was found in katello's errata-related API, allowing an authenticated remote attacker to craft input data and force a malformed SQL query to the backend database. This can result in the leakage of internal IDs. The issue is related to an incomplete fix for a previous problem.
**Recommendations**
For versions 3.10 and older, at the moment, there is no information about a newer version that contains a fix for this vulnerability.