Vulnerabilities > CVE-2018-10865 - Missing Authorization vulnerability in Redhat Certification 7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |