Vulnerabilities > Redhat > Subscription Manager > 0.95.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-3899 | Incorrect Authorization vulnerability in multiple products A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. | 7.8 |
| 2018-07-27 | CVE-2017-2663 | Local Privilege Escalation vulnerability in Candlepin subscription-manager It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. | 4.6 |
| 2017-04-14 | CVE-2016-4455 | Permissions, Privileges, and Access Controls vulnerability in Redhat products The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | 3.3 |