CVE-2013-6439 — Improper Authentication in Redhat Subscription Asset Manager

CWE-287 — Improper Authentication CWE-807 — Reliance on Untrusted Inputs in a Security Decision CWE-290 — Authentication Bypass by Spoofing5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

0.4%

top 38.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Subscription Asset Manager

Timeline

PublishedDec 23

Latest updateMay 17

Description

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/subscription_asset_manager5 versions+4

🔴Vulnerability Details

GHSA

GHSA-7pgr-5jgj-xvch: Candlepin in Red Hat Subscription Asset Manager 1↗2022-05-17

▶

CVEList

CVE-2013-6439: Candlepin in Red Hat Subscription Asset Manager 1↗2013-12-23

▶

📋Vendor Advisories

Red Hat

candlepin: insecure authentication enabled by default↗2013-12-19

▶

💬Community

Bugzilla

CVE-2013-6439 candlepin: insecure authentication enabled by default↗2013-12-13

▶