Redhat » Network Satellite : Security Vulnerabilities, CVEs, Published In 2014
CVE-2013-2143
Public exploit
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Max CVSS
6.5
EPSS Score
74.85%
Published
2014-04-17
Updated
2021-07-16
Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.
Max CVSS
4.3
EPSS Score
0.31%
Published
2014-02-05
Updated
2023-02-13
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-02-05
Updated
2023-02-13
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-02-05
Updated
2023-02-13
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-02-05
Updated
2023-02-13
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.
Max CVSS
5.8
EPSS Score
0.26%
Published
2014-02-05
Updated
2014-02-25
6 vulnerabilities found