Vulnerabilities > CVE-2018-10865 - Missing Authorization vulnerability in Redhat Certification 7.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
redhat
CWE-862

Summary

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.

Vulnerable Configurations

Part Description Count
Application
Redhat
1

Common Weakness Enumeration (CWE)