Lucene search
HistoryAug 14, 2015 - 6:59 p.m.
CVE-2015-3235
cve-2015-3235
foreman
security
vulnerability
remote authentication
user permissions
nvd
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.9%
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
Affected configurations
Node
theforemanforemanRange≤1.8.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| theforeman:foreman | theforeman foreman | le | 1.8.2 |
Related
prion
prion
Command injection
2015-08-14 18:59:00
cvelist
cvelist
CVE-2015-3235
2015-08-14 18:00:00
nvd
nvd
CVE-2015-3235
2015-08-14 18:59:07
redhat
redhat
(RHSA-2015:1592) Important: Red Hat Satellite 6.1.1 on RHEL 6
2015-08-12 04:47:35
(RHSA-2015:1591) Important: Red Hat Satellite 6.1.1 on RHEL 7
2015-08-12 04:38:51
veracode
veracode
Incorrect Session Invalidation
2019-05-02 05:42:22
Man-In-The-Middle (MitM)
2019-05-02 05:42:16
Cross-Site Scripting (XSS)
2019-05-02 05:42:13
nessus
nessus
RHEL 6 : Satellite Server (RHSA-2015:1592)
2015-09-01 00:00:00
RHEL 7 : Satellite Server (RHSA-2015:1591)
2015-09-01 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.9%
Related for CVE-2015-3235