CVE-2012-5603

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
redhatcloudforms
𝑥
≤ 1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/88140
http://osvdb.org/88142
http://rhn.redhat.com/errata/RHSA-2012-1543.html
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://secunia.com/advisories/51472
http://www.securityfocus.com/bid/56819
https://bugzilla.redhat.com/show_bug.cgi?id=882129
https://exchange.xforce.ibmcloud.com/vulnerabilities/80549
http://osvdb.org/88140
http://osvdb.org/88142
http://rhn.redhat.com/errata/RHSA-2012-1543.html
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://secunia.com/advisories/51472
http://www.securityfocus.com/bid/56819
https://bugzilla.redhat.com/show_bug.cgi?id=882129
https://exchange.xforce.ibmcloud.com/vulnerabilities/80549