Redhat: >> Network Satellite >> 5.3 Security Vulnerabilities
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2015-05-14
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-01-15
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVSS Score
7.5
EPSS Score
0.007
Published
2013-11-18