CVE-2012-0059

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
redhatnetwork_proxy
5.4
redhatsatellite
5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2012-0101.html
http://rhn.redhat.com/errata/RHSA-2012-0102.html
https://access.redhat.com/security/cve/CVE-2012-0059
http://rhn.redhat.com/errata/RHSA-2012-0101.html
http://rhn.redhat.com/errata/RHSA-2012-0102.html