{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"}, {"name": "RHSA-2013:1863", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"}, {"name": "candlepin-redhat-cve20136439-unspecified(90134)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.750Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"}, {"name": "RHSA-2013:1863", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"}, {"name": "candlepin-redhat-cve20136439-unspecified(90134)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6439", "datePublished": "2013-12-23T22:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.750Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1AEAC18-A40A-4F25-9C41-FD72F577292B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CB43793-470F-4C24-AC75-A2555CA68A70", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2039E9AA-9AD1-4F16-BE3D-95640F73B37B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7608FF1B-D510-44BF-BCD4-BD5C97ACA8B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6047BC2A-5EDB-458F-BBDB-38C0C3CF4E7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."}, {"lang": "es", "value": "Candlepin en Red Hat Subscription Asset Manager v1.0 hasta v1.3 utiliza un esquema de autenticaci\u00f3n d\u00e9bil cuando el archivo de configuraci\u00f3n no especifica un esquema, lo cual tiene un impacto no especificado y vectores de ataque."}], "id": "CVE-2013-6439", "lastModified": "2023-02-13T04:50:01.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-23T22:55:02.973", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Adrian Likins (RedHat) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2013:1863", "cpe": "cpe:/a:rhel_sam:1.3::el6", "package": "candlepin-0:0.8.26.0-1.el6sam", "product_name": "Red Hat Subscription Asset Manager 1.3", "release_date": "2013-12-19T00:00:00Z"}], "bugzilla": {"description": "candlepin: insecure authentication enabled by default", "id": "1042677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"}, "csaw": false, "cvss": {"cvss_base_score": "9.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:C/I:P/A:P", "status": "verified"}, "cwe": "CWE-807->CWE-290", "details": ["Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."], "name": "CVE-2013-6439", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "candlepin", "product_name": "Red Hat Satellite 6"}], "public_date": "2013-12-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6439\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6439"], "threat_severity": "Important"}