CVE-2010-2236

CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.0MEDIUM

EPSS

2.1%

top 16.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Spacewalk-java Redhat Network Proxy Redhat Satellite

Timeline

PublishedApr 15

Latest updateMay 13

Description

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶NVDredhat/spacewalk-java2.1.147-1

▶NVDredhat/network_proxy5.3

▶NVDredhat/satellite6 versions+5

Patches

Patch: git.fedorahosted.org ↗Patch: git.fedorahosted.org ↗Patch: git.fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-4343-3cxx-2jqg: The monitoring probe display in spacewalk-java before 2↗2022-05-13

▶

CVEList

CVE-2010-2236: The monitoring probe display in spacewalk-java before 2↗2014-04-15

▶

📋Vendor Advisories

Red Hat

Proxy: Improper monitoring probes input sanitization (ACE)↗2014-02-10

▶

💬Community

Bugzilla

CVE-2010-2236 RHN Satellite / Proxy: Improper monitoring probes input sanitization (ACE)↗2010-06-24

▶