CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-6439

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile8.69th
Published2013年12月23日
Last Modified2026年4月29日

Vulnerability Description

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

Affected Platforms (CPE)

📦
Redhat

Subscription Asset Manager

= 1.0.0
📦
Redhat

Subscription Asset Manager

= 1.1.0
📦
Redhat

Subscription Asset Manager

= 1.2.0
📦
Redhat

Subscription Asset Manager

= 1.2.1
📦
Redhat

Subscription Asset Manager

= 1.3.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2013-1863.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1042677
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/90134
🔗 http://rhn.redhat.com/errata/RHSA-2013-1863.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1042677
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/90134

関連する脆弱性情報

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2014-01836.1

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name wh...

CVE-2013-18234.3

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remot...

CVE-2012-61192.1

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, ...