RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)

2024-04-2800:00:00

www.tenable.com

rhel 7

rhel 8

satellite 6.11.5

async

security update

critical

cve-2022-32224

cve-2022-42003

activerecord

rce

jackson-databind

array nesting

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory.

Red Hat Satellite is a system management solution that allows organizations to configure and maintain     their systems without the necessity to provide public Internet access to their servers or other client     systems. It performs provisioning and configuration management of predefined standard operating     environments.

Security fix(es):

tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active     Record (CVE-2022-32224)

This update fixes the following bugs:

2153877 - The Documentation button on Satellite 6.11 for Provisioning Templates page is pointing to     404 Page Not Found link     2161929 - Locale change caused by RHEL upgrade results in database index corruption get() returned more     than one Modulemd -- it returned 2!     2166747 - unable to install satellite 6.11 on rhel8.8 - ansible-core version is too new     2166748 - Entitlement certificate is missing content section for a custom product     2166749 - Sync container images of existing docker type repositories fail with 404 - Not found     2166750 - Another deadlock issue when syncing repos with high concurrency     2166756 - Inspecting an image with skopeo no longer works on Capsules     2166757 - Content view filter included errata not in the filter date range     2166759 - Content view filter will include module streams of other repos/arches if the errata contain rpms     in different repos/arches.
2166760 - Even in 6.11.1, sync summary email notification shows the incorrect summary for newly added     errata.
2166761 - Content view publish fails when the content view and repository both have a large name with :
Error message: the server returns an error HTTP status code: 500     2166762 - Insights recommendation sync failing in Satelliite     2170874 - Satellite-clone not working if ansible-core 2.13 is installed

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2023:1151. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(194220);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id("CVE-2022-32224", "CVE-2022-42003");
  script_xref(name:"RHSA", value:"2023:1151");

  script_name(english:"RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2023:1151 advisory.

    Red Hat Satellite is a system management solution that allows organizations to configure and maintain
    their systems without the necessity to provide public Internet access to their servers or other client
    systems. It performs provisioning and configuration management of predefined standard operating
    environments.

    Security fix(es):

    tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active
    Record (CVE-2022-32224)

    This update fixes the following bugs:

    2153877 - The Documentation button on Satellite 6.11 for Provisioning Templates page is pointing to
    404 Page Not Found link
    2161929 - Locale change caused by RHEL upgrade results in database index corruption get() returned more
    than one Modulemd -- it returned 2!
    2166747 - unable to install satellite 6.11 on rhel8.8 - ansible-core version is too new
    2166748 - Entitlement certificate is missing content section for a custom product
    2166749 - Sync container images of existing docker type repositories fail with 404 - Not found
    2166750 - Another deadlock issue when syncing repos with high concurrency
    2166756 - Inspecting an image with skopeo no longer works on Capsules
    2166757 - Content view filter included errata not in the filter date range
    2166759 - Content view filter will include module streams of other repos/arches if the errata contain rpms
    in different repos/arches.
    2166760 - Even in 6.11.1, sync summary email notification shows the incorrect summary for newly added
    errata.
    2166761 - Content view publish fails when the content view and repository both have a large name with :
    Error message: the server returns an error HTTP status code: 500
    2166762 - Insights recommendation sync failing in Satelliite
    2170874 - Satellite-clone not working if ansible-core 2.13 is installed

    Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#critical");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2108997");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2153877");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2161929");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166747");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166748");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166749");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166750");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166756");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166757");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166759");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166760");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166761");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2166762");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2170874");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1151.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d6666f2d");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:1151");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-32224");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(94, 502);
  script_set_attribute(attribute:"vendor_severity", value:"Critical");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:candlepin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:candlepin-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-gce");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-journald");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-openstack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-ovirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-service");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-telemetry");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman-vmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-naya");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-pulp-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-pulpcore");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python38-naya");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python38-pulp-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python38-pulpcore");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actioncable");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actionmailbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actionmailer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actiontext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actionview");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activejob");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activestorage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_maintain");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_rh_cloud");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_theme_satellite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-katello");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-rails");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-railties");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_container_gateway");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:satellite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:satellite-capsule");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:satellite-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:satellite-clone");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:satellite-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python-naya");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python-pulp-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python-pulpcore");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python3-naya");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python3-pulp-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python3-pulpcore");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actioncable");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actiontext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionview");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activejob");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activemodel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activestorage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activesupport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_rh_cloud");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-railties");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_container_gateway");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/debug',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/os',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/debug',
      'content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/os',
      'content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/debug',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/os',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'rubygem-foreman_maintain-1.0.19-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/debug',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/os',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/sat-utils/6.11/debug',
      'content/dist/layered/rhel8/x86_64/sat-utils/6.11/os',
      'content/dist/layered/rhel8/x86_64/sat-utils/6.11/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/debug',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/os',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'foreman-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-cli-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-debug-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-dynflow-sidekiq-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-ec2-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-gce-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-journald-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-libvirt-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-openstack-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-ovirt-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-postgresql-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-service-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-telemetry-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-vmware-3.1.1.26-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-6.11.5-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-capsule-6.11.5-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-cli-6.11.5-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-common-6.11.5-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/debug',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/os',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.11/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/debug',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/os',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'python38-naya-1.1.1-1.1.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'python38-pulp-container-2.9.9-1.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'python38-pulpcore-3.16.15-1.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-smart_proxy_container_gateway-1.0.7-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/debug',
      'content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/os',
      'content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'satellite-clone-3.1.1-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/x86_64/satellite/6.11/debug',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/os',
      'content/dist/layered/rhel8/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'candlepin-4.1.19-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'candlepin-selinux-4.1.19-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-actioncable-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-actionmailbox-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-actionmailer-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-actionpack-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-actiontext-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-actionview-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-activejob-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-activemodel-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-activerecord-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-32224', 'CVE-2022-42003']},
      {'reference':'rubygem-activestorage-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-activesupport-6.0.6-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-foreman_rh_cloud-5.0.44-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-foreman_theme_satellite-9.0.0.12-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-katello-4.3.0.52-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-rails-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'rubygem-railties-6.0.6-2.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6.11/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'rubygem-foreman_maintain-1.0.19-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/sat-utils/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/sat-utils/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/sat-utils/6.11/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'foreman-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-cli-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-debug-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-dynflow-sidekiq-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-ec2-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-gce-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-journald-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-libvirt-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-openstack-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-ovirt-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-postgresql-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-service-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-telemetry-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'foreman-vmware-3.1.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-6.11.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-capsule-6.11.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-cli-6.11.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'satellite-common-6.11.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.11/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'tfm-pulpcore-python3-naya-1.1.1-1.1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-pulpcore-python3-pulp-container-2.9.9-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-pulpcore-python3-pulpcore-3.16.15-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-smart_proxy_container_gateway-1.0.7-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'satellite-clone-3.1.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/debug',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/os',
      'content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'candlepin-4.1.19-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'candlepin-selinux-4.1.19-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-actioncable-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-actionmailbox-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-actionmailer-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-actionpack-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-actiontext-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-actionview-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-activejob-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-activemodel-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-activerecord-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-32224', 'CVE-2022-42003']},
      {'reference':'tfm-rubygem-activestorage-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-activesupport-6.0.6-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-foreman_rh_cloud-5.0.44-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-foreman_theme_satellite-9.0.0.12-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-katello-4.3.0.52-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-rails-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']},
      {'reference':'tfm-rubygem-railties-6.0.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2022-42003']}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'candlepin / candlepin-selinux / foreman / foreman-cli / etc');
}

VendorProductVersionCPE
redhatenterprise_linuxtfm-rubygem-activejobp-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activejob
redhatenterprise_linuxpython38-pulp-containerp-cpe:/a:redhat:enterprise_linux:python38-pulp-container
redhatenterprise_linuxforeman-gcep-cpe:/a:redhat:enterprise_linux:foreman-gce
redhatenterprise_linuxpython-pulpcorep-cpe:/a:redhat:enterprise_linux:python-pulpcore
redhatenterprise_linuxrubygem-activejobp-cpe:/a:redhat:enterprise_linux:rubygem-activejob
redhatenterprise_linuxsatellitep-cpe:/a:redhat:enterprise_linux:satellite
redhatenterprise_linuxsatellite-clip-cpe:/a:redhat:enterprise_linux:satellite-cli
redhatenterprise_linuxforeman-servicep-cpe:/a:redhat:enterprise_linux:foreman-service
redhatenterprise_linuxtfm-pulpcore-python-nayap-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python-naya
redhatenterprise_linuxforeman-vmwarep-cpe:/a:redhat:enterprise_linux:foreman-vmware

Vendor	Product	Version	CPE
redhat	enterprise_linux	tfm-rubygem-activejob	p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activejob
redhat	enterprise_linux	python38-pulp-container	p-cpe:/a:redhat:enterprise_linux:python38-pulp-container
redhat	enterprise_linux	foreman-gce	p-cpe:/a:redhat:enterprise_linux:foreman-gce
redhat	enterprise_linux	python-pulpcore	p-cpe:/a:redhat:enterprise_linux:python-pulpcore
redhat	enterprise_linux	rubygem-activejob	p-cpe:/a:redhat:enterprise_linux:rubygem-activejob
redhat	enterprise_linux	satellite	p-cpe:/a:redhat:enterprise_linux:satellite
redhat	enterprise_linux	satellite-cli	p-cpe:/a:redhat:enterprise_linux:satellite-cli
redhat	enterprise_linux	foreman-service	p-cpe:/a:redhat:enterprise_linux:foreman-service
redhat	enterprise_linux	tfm-pulpcore-python-naya	p-cpe:/a:redhat:enterprise_linux:tfm-pulpcore-python-naya
redhat	enterprise_linux	foreman-vmware	p-cpe:/a:redhat:enterprise_linux:foreman-vmware