CyberSec.Space Logo
Back to CVE Browser

CVE-2013-6439

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile8.69th
PublishedDec 23, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

Affected Platforms (CPE)

πŸ“¦
Redhat

Subscription Asset Manager

= 1.0.0
πŸ“¦
Redhat

Subscription Asset Manager

= 1.1.0
πŸ“¦
Redhat

Subscription Asset Manager

= 1.2.0
πŸ“¦
Redhat

Subscription Asset Manager

= 1.2.1
πŸ“¦
Redhat

Subscription Asset Manager

= 1.3.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2013-1863.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1042677
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/90134
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-1863.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1042677
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/90134

Related Vulnerabilities

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2014-01836.1

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name wh...

CVE-2013-18234.3

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remot...

CVE-2012-61192.1

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, ...