CVE-2021-20256

CWE-200Information Exposure4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 69.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Satellite
Timeline
PublishedFeb 23
Latest updateMay 24

Description

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5red_hat_satelliteAs shipped in Red Hat Satellite 6

🔴Vulnerability Details

2
GHSA
GHSA-7h9m-xcfj-p257: A flaw was found in Red Hat Satellite2022-05-24
CVEList
CVE-2021-20256: A flaw was found in Red Hat Satellite2021-02-23

📋Vendor Advisories

1
Red Hat
Satellite: BMC controller credential leak via API2021-02-19
CVE-2021-20256 (MEDIUM CVSS 5.3) | A flaw was found in Red Hat Satelli | cvebase.io