Lucene search

[email protected]CVE-2012-5603

HistoryJan 04, 2013 - 10:55 p.m.

CVE-2012-5603

2013-01-0422:55:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-5603

katello

red hat cloudforms

permissions

remote authenticated users

consumer certificates

system security

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.2%

JSON

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users’ settings via unspecified vectors related to the “consumer UUID” of a system.

Affected configurations

NVD

Node

redhatcloudformsRange≤1.0

CPENameOperatorVersion
redhat:cloudformsredhat cloudformsle1.0

CPE	Name	Operator	Version
redhat:cloudforms	redhat cloudforms	le	1.0

References

osvdb.org/88140

osvdb.org/88142

rhn.redhat.com/errata/RHSA-2012-1543.html

rhn.redhat.com/errata/RHSA-2013-0544.html

secunia.com/advisories/51472

www.securityfocus.com/bid/56819

bugzilla.redhat.com/show_bug.cgi?id=882129

exchange.xforce.ibmcloud.com/vulnerabilities/80549

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.2%

JSON

Related for CVE-2012-5603

cvelist1 nvd1 prion1 veracode3 nessus2 redhat2