PT-2014-2378 · Red Hat · Red Hat Network Satellite

Ben Ford

Published

2014-02-14

Updated

2022-02-25

CVE-2012-6149

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Red Hat Network Satellite versions 5.6

Description The issue allows remote attackers to inject arbitrary web script or HTML via the subject or content values of a note in a system.addNote XML-RPC call, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For Red Hat Network Satellite version 5.6, as a temporary workaround, consider restricting access to the system.addNote XML-RPC call until a patch is available. Avoid using the subject and content values in the system.addNote call to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2012-6149

RHSA-2014:0148

Affected Products

Red Hat Network Satellite

PT-2014-2378 · Red Hat · Red Hat Network Satellite

CVE-2012-6149

Weakness Enumeration

Related Identifiers

Affected Products

References · 7