CVE-2018-14666

EPSS 0.35%
Veröffentlicht 22.01.2019 15:29:00
Zuletzt bearbeitet 21.11.2024 03:49:32
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Satellite Version >= 6.0 <= 6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.567

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
secalert@redhat.com	6.8	0.9	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://www.securityfocus.com/bid/106490

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14666

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-14666

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14666

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14666

EUVD