CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14623

A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.7%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

Products affected by CVE-2018-14623

Theforeman » Katello » Version: 3.10.0

cpe:2.3:a:theforeman:katello:3.10.0
Theforeman » Katello » Version: 3.11.0

cpe:2.3:a:theforeman:katello:3.11.0
Theforeman » Katello » Version: 3.12.0

cpe:2.3:a:theforeman:katello:3.12.0
Theforeman » Katello » Version: 3.12.0.9

cpe:2.3:a:theforeman:katello:3.12.0.9
Theforeman » Katello » Version: 3.12.1

cpe:2.3:a:theforeman:katello:3.12.1
Theforeman » Katello » Version: 3.12.2

cpe:2.3:a:theforeman:katello:3.12.2
Theforeman » Katello » Version: 3.12.3

cpe:2.3:a:theforeman:katello:3.12.3
Theforeman » Katello » Version: 3.13.0

cpe:2.3:a:theforeman:katello:3.13.0
Theforeman » Katello » Version: 3.13.1

cpe:2.3:a:theforeman:katello:3.13.1
Theforeman » Katello » Version: 3.13.2

cpe:2.3:a:theforeman:katello:3.13.2
Theforeman » Katello » Version: 3.13.3

cpe:2.3:a:theforeman:katello:3.13.3
Theforeman » Katello » Version: 3.13.4

cpe:2.3:a:theforeman:katello:3.13.4
Theforeman » Katello » Version: 3.14.0

cpe:2.3:a:theforeman:katello:3.14.0
Theforeman » Katello » Version: 3.14.1

cpe:2.3:a:theforeman:katello:3.14.1
Theforeman » Katello » Version: 3.15.0

cpe:2.3:a:theforeman:katello:3.15.0
Theforeman » Katello » Version: 3.15.0.1

cpe:2.3:a:theforeman:katello:3.15.0.1
Theforeman » Katello » Version: 3.15.1

cpe:2.3:a:theforeman:katello:3.15.1
Theforeman » Katello » Version: 3.15.1.1

cpe:2.3:a:theforeman:katello:3.15.1.1
Theforeman » Katello » Version: 3.15.2

cpe:2.3:a:theforeman:katello:3.15.2
Theforeman » Katello » Version: 3.15.3

cpe:2.3:a:theforeman:katello:3.15.3
Theforeman » Katello » Version: 3.15.3.1

cpe:2.3:a:theforeman:katello:3.15.3.1
Theforeman » Katello » Version: 3.16.0

cpe:2.3:a:theforeman:katello:3.16.0
Theforeman » Katello » Version: 3.16.1

cpe:2.3:a:theforeman:katello:3.16.1
Theforeman » Katello » Version: 3.16.1.1

cpe:2.3:a:theforeman:katello:3.16.1.1
Theforeman » Katello » Version: 3.16.1.2

cpe:2.3:a:theforeman:katello:3.16.1.2
Theforeman » Katello » Version: 3.16.2

cpe:2.3:a:theforeman:katello:3.16.2
Theforeman » Katello » Version: 3.17.0

cpe:2.3:a:theforeman:katello:3.17.0
Theforeman » Katello » Version: 3.17.1

cpe:2.3:a:theforeman:katello:3.17.1
Theforeman » Katello » Version: 3.17.2

cpe:2.3:a:theforeman:katello:3.17.2
Theforeman » Katello » Version: 3.17.3

cpe:2.3:a:theforeman:katello:3.17.3
Theforeman » Katello » Version: 3.18.0

cpe:2.3:a:theforeman:katello:3.18.0
Theforeman » Katello » Version: 3.18.1

cpe:2.3:a:theforeman:katello:3.18.1
Theforeman » Katello » Version: 3.18.1.1

cpe:2.3:a:theforeman:katello:3.18.1.1
Theforeman » Katello » Version: 3.18.2

cpe:2.3:a:theforeman:katello:3.18.2
Theforeman » Katello » Version: 3.18.2.1

cpe:2.3:a:theforeman:katello:3.18.2.1
Theforeman » Katello » Version: 3.18.3

cpe:2.3:a:theforeman:katello:3.18.3
Theforeman » Katello » Version: 3.18.3.1

cpe:2.3:a:theforeman:katello:3.18.3.1
Theforeman » Katello » Version: 3.18.4

cpe:2.3:a:theforeman:katello:3.18.4
Theforeman » Katello » Version: 4.0.0

cpe:2.3:a:theforeman:katello:4.0.0
Theforeman » Katello » Version: 4.0.1

cpe:2.3:a:theforeman:katello:4.0.1
Theforeman » Katello » Version: 4.0.1.2

cpe:2.3:a:theforeman:katello:4.0.1.2
Theforeman » Katello » Version: 4.1.0

cpe:2.3:a:theforeman:katello:4.1.0
Theforeman » Katello » Version: 4.1.1

cpe:2.3:a:theforeman:katello:4.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14623

Products

Pricing

Contact Us