CVE-2019-3845 in Satelliteinfo

Zusammenfassung

von MITRE

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

03.01.2019

Moderieren

akzeptiert

Eintrag

VDB-133349

CPE

bereit

CWE

CWE-284 (bestätigt)

CVSS

8.0 (NVD)

EPSS

0.00175

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-3845
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-3845
CVE Details	https://www.cvedetails.com/cve/CVE-2019-3845/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!