Vulnerability in Redhat Network_satellite

CVE-2013-4480

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

EPSS: 0.007 (72.5th percentile) — read the EPSS interpretation.

Affected products

Redhat Network_satellite
Redhat Satellite
Redhat Satellite_with_embedded_oracle — versions 5.2, 5.3, 5.4
Suse Linux_enterprise — versions 11.0
Suse Manager — versions 1.7
N/a — versions n/a

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere

References

SUSE-SU-2013:1661 (vendor-advisory, Patch, Mailing List, x_refsource_SUSE, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
RHSA-2013:1513 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:1514 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)