CVE-2018-10866 - Missing Authorization vulnerability in Redhat Certification 7.0

CVSS 9.1 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, redhat, CWE-862, critical

Summary

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check. This allows an unauthenticated user to remove a "system" file (an XML file with host-related information) that does not belong to them.

Vulnerable Configurations

Part         Description  Count
Application  Redhat       1

Common Weakness Enumeration (CWE)