CVE-2018-14666

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.

Published : 2019-01-22 15:29 Updated : 2019-10-09 23:35

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
Redhat Satellite 6.0 cpe:/a:redhat:satellite:6.0
Redhat Satellite 6.1 cpe:/a:redhat:satellite:6.1
Redhat Satellite 6.2 cpe:/a:redhat:satellite:6.2
Redhat Satellite 6.3 cpe:/a:redhat:satellite:6.3
Redhat Satellite 6.4 cpe:/a:redhat:satellite:6.4
Redhat Satellite 6.0.3 cpe:/a:redhat:satellite:6.0.3
  1. Redhat (1) Search CVE
    1. Satellite (6) Search CVE
      1. 6.0
      2. 6.1
      3. 6.2
      4. 6.3
      5. 6.4
      6. 6.0.3

CWE

ID Name Description Links
CWE-863 Incorrect Authorization The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. CVE

History of changes

Date Event
2019-10-09 23:35
2019-10-03 00:03
2019-02-15 18:52
2019-01-23 11:29
2019-01-22 15:29

New CVE