Red Hat Satellite is vulnerable to improper access control vulnerability. The vulnerability exists in the message queues maintained by Satellite’s QPID broker and used by katello-agent. A malicious user with authentication to a host registered to Satellite could execute privilege commands to access QMF methods to any host registered to Satellite.