ID CVE-2013-4480
Summary Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:network_satellite:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise:11.0:sp2:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 13-02-2023 - 04:47)
Impact:
Exploitability:
CWE CWE-668
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2013:1513
  • rhsa
    id RHSA-2013:1514
rpms
  • rhn-java-config-sat-0:5.2.1-9.el5
  • rhn-java-lib-sat-0:5.2.1-9.el5
  • rhn-java-sat-0:5.2.1-9.el5
  • taskomatic-sat-0:5.2.1-9.el5
  • spacewalk-java-0:0.5.44-97.el5sat
  • spacewalk-java-0:1.2.39-135.el5sat
  • spacewalk-java-0:1.2.39-135.el6sat
  • spacewalk-java-0:1.7.54-121.el5sat
  • spacewalk-java-0:1.7.54-121.el6sat
  • spacewalk-java-0:2.0.2-48.el5sat
  • spacewalk-java-0:2.0.2-48.el6sat
  • spacewalk-java-config-0:0.5.44-97.el5sat
  • spacewalk-java-config-0:1.2.39-135.el5sat
  • spacewalk-java-config-0:1.2.39-135.el6sat
  • spacewalk-java-config-0:1.7.54-121.el5sat
  • spacewalk-java-config-0:1.7.54-121.el6sat
  • spacewalk-java-config-0:2.0.2-48.el5sat
  • spacewalk-java-config-0:2.0.2-48.el6sat
  • spacewalk-java-lib-0:0.5.44-97.el5sat
  • spacewalk-java-lib-0:1.2.39-135.el5sat
  • spacewalk-java-lib-0:1.2.39-135.el6sat
  • spacewalk-java-lib-0:1.7.54-121.el5sat
  • spacewalk-java-lib-0:1.7.54-121.el6sat
  • spacewalk-java-lib-0:2.0.2-48.el5sat
  • spacewalk-java-lib-0:2.0.2-48.el6sat
  • spacewalk-java-oracle-0:1.2.39-135.el5sat
  • spacewalk-java-oracle-0:1.2.39-135.el6sat
  • spacewalk-java-oracle-0:1.7.54-121.el5sat
  • spacewalk-java-oracle-0:1.7.54-121.el6sat
  • spacewalk-java-oracle-0:2.0.2-48.el5sat
  • spacewalk-java-oracle-0:2.0.2-48.el6sat
  • spacewalk-java-postgresql-0:2.0.2-48.el5sat
  • spacewalk-java-postgresql-0:2.0.2-48.el6sat
  • spacewalk-taskomatic-0:0.5.44-97.el5sat
  • spacewalk-taskomatic-0:1.2.39-135.el5sat
  • spacewalk-taskomatic-0:1.2.39-135.el6sat
  • spacewalk-taskomatic-0:1.7.54-121.el5sat
  • spacewalk-taskomatic-0:1.7.54-121.el6sat
  • spacewalk-taskomatic-0:2.0.2-48.el5sat
  • spacewalk-taskomatic-0:2.0.2-48.el6sat
refmap via4
confirm
suse SUSE-SU-2013:1661
Last major update 13-02-2023 - 04:47
Published 18-11-2013 - 02:55
Last modified 13-02-2023 - 04:47