National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:redhat:satellite:5.8.0
There are 2 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.

Published: April 11, 2019; 11:29:00 AM -04:00
V3: 8.0 HIGH
V2: 5.2 MEDIUM
CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.

Published: July 26, 2018; 01:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW