Vulnerabilities > Redhat > Satellite > 5.2

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-4320 Insufficient Session Expiration vulnerability in Redhat Satellite
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.
network
low complexity
redhat CWE-613
7.5
2019-12-02 CVE-2012-5562 Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
low complexity
redhat CWE-319
3.3
2019-04-11 CVE-2019-3845 Unspecified vulnerability in Redhat Satellite
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1.
low complexity
redhat
5.2
2018-08-22 CVE-2017-7513 Improper Certificate Validation vulnerability in Redhat Satellite
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields.
network
redhat CWE-295
5.8
2018-07-30 CVE-2017-7514 Cross-site Scripting vulnerability in Redhat Satellite
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0.
network
low complexity
redhat CWE-79
5.4
2018-07-26 CVE-2017-12175 Cross-site Scripting vulnerability in Redhat Satellite
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.
network
low complexity
redhat CWE-79
5.4
2018-07-26 CVE-2017-7538 Cross-site Scripting vulnerability in Redhat Satellite
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8.
network
redhat CWE-79
3.5
2014-04-15 CVE-2010-2236 Improper Input Validation vulnerability in Redhat Network Proxy, Satellite and Spacewalk-Java
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
network
redhat CWE-20
6.0