CVEDB API

Vulnerabilities

Vulnerable Software

Redhat: >> Spacewalk-Java >> 2.0.2 Security Vulnerabilities

CVE-2014-3654

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

CVSS Score

4.3

EPSS Score

0.003

Published

2014-11-03

CVE-2014-3595

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVSS Score

4.3

EPSS Score

0.003

Published

2014-09-22

CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.

CVSS Score

6.0

EPSS Score

0.021

Published

2014-04-15

CVE-2013-1869

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.

CVSS Score

4.3

EPSS Score

0.004

Published

2014-04-01

Page 1

Vulnerabilities

Vulnerable Software

Redhat: >> Spacewalk-Java >> 2.0.2 Security Vulnerabilities

Products

Pricing

Contact Us