CVE-2013-6439

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1863.html	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1042677
https://exchange.xforce.ibmcloud.com/vulnerabilities/90134

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:::::::*
	cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:::::::*
	cpe:2.3:a:redhat:subscription_asset_manager:1.2.0:::::::*
	cpe:2.3:a:redhat:subscription_asset_manager:1.2.1:::::::*
	cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:::::::*

History

No history.

Information

Published : 2013-12-23 22:55

Updated : 2023-02-13 04:50

NVD link : CVE-2013-6439

Mitre link : CVE-2013-6439

CVE.ORG link : CVE-2013-6439

JSON object : View

Products Affected

redhat

subscription_asset_manager

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-6439", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-23T22:55:02.973", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."}, {"lang": "es", "value": "Candlepin en Red Hat Subscription Asset Manager v1.0 hasta v1.3 utiliza un esquema de autenticaci\u00f3n d\u00e9bil cuando el archivo de configuraci\u00f3n no especifica un esquema, lo cual tiene un impacto no especificado y vectores de ataque."}], "lastModified": "2023-02-13T04:50:01.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1AEAC18-A40A-4F25-9C41-FD72F577292B"}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CB43793-470F-4C24-AC75-A2555CA68A70"}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2039E9AA-9AD1-4F16-BE3D-95640F73B37B"}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7608FF1B-D510-44BF-BCD4-BD5C97ACA8B0"}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6047BC2A-5EDB-458F-BBDB-38C0C3CF4E7C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}