Subscription Manager

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2016-4455	Candlepin subscription-manager	Low	0.21	3.3	0.00		Apr 14, 2017	The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
CVE-2012-6137	Red Hat Enterprise Linux Desktop		0.00	—	0.01		May 21, 2013	rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as…

CVE-2016-4455LowApr 14, 2017
Candlepin
subscription-manager
risk 0.21cvss 3.3epss 0.00
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
CVE-2012-6137May 21, 2013
Red Hat
Enterprise Linux Desktop
risk 0.00cvss —epss 0.01
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as…