{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-15T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "56952", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56952"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"}, {"name": "SUSE-SU-2014:0222", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:25:07.611Z"}, "title": "CVE Program Container", "references": [{"name": "56952", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56952"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"}, {"name": "SUSE-SU-2014:0222", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2236", "datePublished": "2014-04-15T18:00:00", "dateReserved": "2010-06-09T00:00:00", "dateUpdated": "2024-08-07T02:25:07.611Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:network_proxy:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD54BC7C-AD07-41B7-B2E1-A12361F16BC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7342B50-2EB5-4B1D-8B7B-B3EF0CB57344", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "78224C92-8BA1-4717-9DE4-4CC74B5E80FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E1C5E62-E685-44F0-9AB3-B8C6BDA7E315", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E90E312-ED12-4EBB-AA88-603C91AF2BE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3CDDEC74-7E97-4498-A136-B270BD1AC72D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1FDDB68-9828-4DAF-8417-4E3B68ABA2C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:spacewalk-java:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF0E732F-CA6D-4AE5-AC20-46DB629B1C95", "versionEndIncluding": "2.1.147-1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks."}, {"lang": "es", "value": "La consola de sensores de monitorizaci\u00f3n en spacewalk-java anterior a 2.1.148-1 y Red Hat Network (RHN) Satellite 4.0.0 hasta 4.2.0 y 5.1.0 hasta 5.3.0 y Proxy 5.3.0, permite a usuarios remotos autenticados con permisos para administrar sensores de monitorizaci\u00f3n ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, relacionado con backticks."}], "id": "CVE-2010-2236", "lastModified": "2024-11-21T01:16:12.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-15T23:55:07.203", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56952"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"}, {"source": "secalert@redhat.com", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Proxy: Improper monitoring probes input sanitization (ACE)", "id": "607712", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "status": "draft"}, "details": ["The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks."], "name": "CVE-2010-2236", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5.6", "fix_state": "Affected", "package_name": "Server", "product_name": "Red Hat Satellite 5.6"}, {"cpe": "cpe:/a:redhat:network_proxy:5.6", "fix_state": "Will not fix", "package_name": "Server", "product_name": "Red Hat Satellite Proxy 5.6"}], "public_date": "2014-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2236\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2236"], "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. Satellite 5 is currently in the Production 2 phase of its lifecycle, as such this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle: https://access.redhat.com/site/support/policy/updates/satellite page.", "threat_severity": "Moderate"}