Vulnerability Details CVE-2010-2236
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.4%
CVSS Severity
CVSS v2 Score 6.0
References
- http://secunia.com/advisories/56952
- https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=607712
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
- https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
- http://secunia.com/advisories/56952
- https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=607712
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
- https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
Products affected by CVE-2010-2236
-
cpe:2.3:a:redhat:network_proxy:5.3
-
cpe:2.3:a:redhat:satellite:4.0
-
cpe:2.3:a:redhat:satellite:4.1
-
cpe:2.3:a:redhat:satellite:4.2
-
cpe:2.3:a:redhat:satellite:5.1
-
cpe:2.3:a:redhat:satellite:5.2
-
cpe:2.3:a:redhat:satellite:5.3
-
cpe:2.3:a:redhat:spacewalk-java:-
-
cpe:2.3:a:redhat:spacewalk-java:1.2.39
-
cpe:2.3:a:redhat:spacewalk-java:1.7.54
-
cpe:2.3:a:redhat:spacewalk-java:2.0.2
-
cpe:2.3:a:redhat:spacewalk-java:2.0.2-57
-
cpe:2.3:a:redhat:spacewalk-java:2.1.147-1