Vulnerabilities > CVE-2018-10866 - Missing Authorization vulnerability in Redhat Certification 7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
HIGH Summary
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |