CVE-2013-6439

2013-12-2322:55:02

CWE-287

redhat

web.nvd.nist.gov

candlepin

red hat

subscription asset manager

cve-2013-6439

weak authentication

configuration vulnerability

nvd

security issue

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.004

Percentile

72.9%

JSON

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

Affected configurations

Nvd

Node

redhatsubscription_asset_managerMatch1.0.0

redhatsubscription_asset_managerMatch1.1.0

redhatsubscription_asset_managerMatch1.2.0

redhatsubscription_asset_managerMatch1.2.1

redhatsubscription_asset_managerMatch1.3.0

VendorProductVersionCPE
redhatsubscription_asset_manager1.0.0cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*
redhatsubscription_asset_manager1.1.0cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*
redhatsubscription_asset_manager1.2.0cpe:2.3:a:redhat:subscription_asset_manager:1.2.0:*:*:*:*:*:*:*
redhatsubscription_asset_manager1.2.1cpe:2.3:a:redhat:subscription_asset_manager:1.2.1:*:*:*:*:*:*:*
redhatsubscription_asset_manager1.3.0cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	subscription_asset_manager	1.0.0	cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:::::::*
redhat	subscription_asset_manager	1.1.0	cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:::::::*
redhat	subscription_asset_manager	1.2.0	cpe:2.3:a:redhat:subscription_asset_manager:1.2.0:::::::*
redhat	subscription_asset_manager	1.2.1	cpe:2.3:a:redhat:subscription_asset_manager:1.2.1:::::::*
redhat	subscription_asset_manager	1.3.0	cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:::::::*