Vulnerabilities > Redhat > Subscription Asset Manager > 1.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2014-0026 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Subscription Asset Manager 1.0.0 katello-headpin is vulnerable to CSRF in REST API | 4.3 |
| 2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0 Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
| 2013-04-02 | CVE-2012-6119 | Permissions, Privileges, and Access Controls vulnerability in multiple products Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | 2.1 |