CVE-2014-8162
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-0957.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | network_satellite | {"endIncluding":"5.7"} | |
| suse | manager | 1.7 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
- http://rhn.redhat.com/errata/RHSA-2015-0957.html
- http://www.securityfocus.com/bid/74595
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
- http://rhn.redhat.com/errata/RHSA-2015-0957.html
- http://www.securityfocus.com/bid/74595
Verify integrity in audit chain (admin only). AS-IS.