Subscription Asset Manager@1.0.0 Security Vulnerabilities and Issues — Subscription Asset Manager@1.0.0 CVE List

Lucene search

RedhatSubscription Asset Manager1.0.0

5 matches found

CVE•added 2013/04/02 10:55 p.m.•47 views

CVE-2013-1823

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

4.3CVSS5.8AI score0.00277EPSS

CVE•added 2013/04/02 10:55 p.m.•45 views

CVE-2012-6119

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

2.1CVSS6.3AI score0.00054EPSS

CVE•added 2013/12/23 10:55 p.m.•44 views

CVE-2013-6439

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

9.3CVSS6.9AI score0.00409EPSS

CVE•added 2019/12/11 3:15 p.m.•39 views

CVE-2014-0026

katello-headpin is vulnerable to CSRF in REST API

6.5CVSS6.4AI score0.0015EPSS

CVE•added 2017/10/16 1:29 p.m.•34 views

CVE-2014-0029

Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

6.1CVSS6AI score0.00233EPSS