Redhat: >> Subscription Asset Manager >> 1.2.1 Security Vulnerabilities
CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
Known exploited
CVSS Score
7.5
EPSS Score
0.256
Published
2014-05-07
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
CVSS Score
9.3
EPSS Score
0.004
Published
2013-12-23