CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-3072

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://access.redhat.com/errata/RHSA-2016:1083
https://bugzilla.redhat.com/show_bug.cgi?id=1322050
https://github.com/Katello/katello/pull/6051
https://access.redhat.com/errata/RHSA-2016:1083
https://bugzilla.redhat.com/show_bug.cgi?id=1322050
https://github.com/Katello/katello/pull/6051

Products affected by CVE-2016-3072

Katello » Katello » Version: N/A

cpe:2.3:a:katello:katello:-
Redhat » Satellite » Version: 6.1

cpe:2.3:a:redhat:satellite:6.1
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-3072

Products

Pricing

Contact Us