Vulnerability Details CVE-2002-2204
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2002-2204
- cpe:2.3:a:redhat:redhat_package_manager:4.0.2-71
- cpe:2.3:a:redhat:redhat_package_manager:4.0.2-72
- cpe:2.3:a:redhat:redhat_package_manager:4.0.3
- cpe:2.3:a:redhat:redhat_package_manager:4.0.4