CVE-2010-2236

Exploit

EPSS 2.06%
Published 15.04.2014 23:55:07
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Network Proxy Version5.3

Redhat ≫ Satellite Version4.0

Redhat ≫ Satellite Version4.1

Redhat ≫ Satellite Version4.2

Redhat ≫ Satellite Version5.1

Redhat ≫ Satellite Version5.2

Redhat ≫ Satellite Version5.3

Redhat ≫ Spacewalk-java Version <= 2.1.147-1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.06%	0.822

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/56952

Vendor Advisory

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

Patch

Exploit

https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html

https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff

https://bugzilla.redhat.com/show_bug.cgi?id=607712

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2010-2236

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2236

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2236

EUVD