spacewalk-java is vulnerable to XML External Entity (XXE) attacks. The vulnerability exists as the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
rhn.redhat.com/errata/RHSA-2015-0957.html
www.securityfocus.com/bid/74595
access.redhat.com/errata/RHSA-2015:0957
access.redhat.com/security/cve/CVE-2014-8162
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1187339
rhn.redhat.com/errata/RHSA-2015-0957.html