spacewalk-java is vulnerable to privilege escalation attacks. The vulnerability exists as Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html
rhn.redhat.com/errata/RHSA-2013-1513.html
rhn.redhat.com/errata/RHSA-2013-1514.html
access.redhat.com/errata/RHSA-2013:1513
access.redhat.com/errata/RHSA-2013:1514
access.redhat.com/security/cve/CVE-2013-4480
access.redhat.com/security/updates/classification/#critical
access.redhat.com/site/articles/539283
bugzilla.redhat.com/show_bug.cgi?id=1024614
rhn.redhat.com/errata/RHSA-2013-1514.html