Remote Code Execution (RCE)

2019-05-1603:10:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.012 Low

EPSS

Percentile

85.4%

JSON

redhat-certification is vulnerable to remote code execution (RCE) attacks. This is because redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file.

CPENameOperatorVersion
redhat-certification-hardware-previeweq5.2__20170929.el7
redhat-certification-hardware-previeweq5.8__20180216.1.el7
redhat-certification-hardware-previeweq5.6__20171206.el7
redhat-certification-hardware-previeweq5.10__20180326.el7
redhat-certification-hardware-previeweq5.1__20170908.el7
redhat-certification-hardware-previeweq4.8__20170508.el7
redhat-certification-hardware-previeweq5.3__20171023.el7
redhat-certification-hardware-previeweq4.11__20170707.el7
redhat-certification-hardware-previeweq1.7.1__20160627.el7
redhat-certification-hardware-previeweq4.2__20161116.1.el7

Name	Operator	Version
redhat-certification-hardware-preview	eq	5.2__20170929.el7
redhat-certification-hardware-preview	eq	5.8__20180216.1.el7
redhat-certification-hardware-preview	eq	5.6__20171206.el7
redhat-certification-hardware-preview	eq	5.10__20180326.el7
redhat-certification-hardware-preview	eq	5.1__20170908.el7
redhat-certification-hardware-preview	eq	4.8__20170508.el7
redhat-certification-hardware-preview	eq	5.3__20171023.el7
redhat-certification-hardware-preview	eq	4.11__20170707.el7
redhat-certification-hardware-preview	eq	1.7.1__20160627.el7
redhat-certification-hardware-preview	eq	4.2__20161116.1.el7