VYPR

Subscription Asset Manager

by Red Hat

CVEs (8)

  • CVE-2015-7501 | Cri | Nov 9, 2017
    risk 0.70 | cvss 9.8 | epss 0.83

    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform…

  • CVE-2014-0130 | Hig | KEV | May 7, 2014
    risk 0.65 | cvss 7.5 | epss 0.54

    Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to…

  • CVE-2014-0029 | Med | Oct 16, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2014-0183 | Jan 2, 2020
    risk 0.00 | cvss | epss 0.01

    Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the system's name when registering.

  • CVE-2017-2663 | Hig | Jul 27, 2018
    risk 0.00 | cvss 8.2 | epss 0.00

    It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged users access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch…

  • CVE-2013-6439 | Dec 23, 2013
    risk 0.00 | cvss | epss 0.02

    Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

  • CVE-2013-1823 | Apr 2, 2013
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

  • CVE-2012-6119 | Apr 2, 2013
    risk 0.00 | cvss | epss 0.00

    Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.