Vulnerability Details CVE-2018-14666
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 6.5
References
Products affected by CVE-2018-14666
-
cpe:2.3:a:redhat:satellite:6.0
-
cpe:2.3:a:redhat:satellite:6.0.3
-
cpe:2.3:a:redhat:satellite:6.0.5
-
cpe:2.3:a:redhat:satellite:6.0.6
-
cpe:2.3:a:redhat:satellite:6.0.7
-
cpe:2.3:a:redhat:satellite:6.0.8
-
cpe:2.3:a:redhat:satellite:6.1
-
cpe:2.3:a:redhat:satellite:6.1.10
-
cpe:2.3:a:redhat:satellite:6.1.11
-
cpe:2.3:a:redhat:satellite:6.1.12
-
cpe:2.3:a:redhat:satellite:6.1.2
-
cpe:2.3:a:redhat:satellite:6.1.3
-
cpe:2.3:a:redhat:satellite:6.1.4
-
cpe:2.3:a:redhat:satellite:6.1.5
-
cpe:2.3:a:redhat:satellite:6.1.6
-
cpe:2.3:a:redhat:satellite:6.1.7
-
cpe:2.3:a:redhat:satellite:6.1.8
-
cpe:2.3:a:redhat:satellite:6.1.9
-
cpe:2.3:a:redhat:satellite:6.2
-
cpe:2.3:a:redhat:satellite:6.2.1
-
cpe:2.3:a:redhat:satellite:6.2.10
-
cpe:2.3:a:redhat:satellite:6.2.11
-
cpe:2.3:a:redhat:satellite:6.2.12
-
cpe:2.3:a:redhat:satellite:6.2.13
-
cpe:2.3:a:redhat:satellite:6.2.14
-
cpe:2.3:a:redhat:satellite:6.2.15
-
cpe:2.3:a:redhat:satellite:6.2.16
-
cpe:2.3:a:redhat:satellite:6.2.2
-
cpe:2.3:a:redhat:satellite:6.2.3
-
cpe:2.3:a:redhat:satellite:6.2.4
-
cpe:2.3:a:redhat:satellite:6.2.5
-
cpe:2.3:a:redhat:satellite:6.2.6
-
cpe:2.3:a:redhat:satellite:6.2.7
-
cpe:2.3:a:redhat:satellite:6.2.8
-
cpe:2.3:a:redhat:satellite:6.2.9
-
cpe:2.3:a:redhat:satellite:6.3
-
cpe:2.3:a:redhat:satellite:6.3.1
-
cpe:2.3:a:redhat:satellite:6.3.2
-
cpe:2.3:a:redhat:satellite:6.3.3
-
cpe:2.3:a:redhat:satellite:6.3.4
-
cpe:2.3:a:redhat:satellite:6.3.5
-
cpe:2.3:a:redhat:satellite:6.4