CVE-2017-2663

Name of the Vulnerable Software and Affected Versions: subscription-manager versions prior to 1.19.4

Description: The issue allows an unprivileged local attacker to access private information or launch a privilege escalation attack by exploiting the DBus interface. Specifically, the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods are vulnerable.

Recommendations: For versions prior to 1.19.4, update to version 1.19.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the DBus interface until a patch is applied.