Red Hat Spacewalk 2.6

CPE Details

Red Hat Spacewalk 2.6
redhat
spacewalk
2.6
2018-11-01
16h32 +00:00
2018-11-01
16h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:spacewalk:2.6:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

spacewalk

Version

2.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-1693 2020-02-17 18h35 +00:00 A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
9.8
Critical
CVE-2019-10136 2019-07-02 17h29 +00:00 It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
4.3
Medium
CVE-2019-10137 2019-07-02 17h28 +00:00 A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
9.8
Critical
CVE-2018-1077 2018-03-14 18h00 +00:00 Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
7.5
High