Cross-Site Scripting in Red Hat Satellite
CVE-2017-12175

3.5LOW

Key Information:

Vendor

Red Hat
Status
Satellite
Vendor
CVE Published:
26 July 2018

What is CVE-2017-12175?

Red Hat Satellite versions prior to 6.5 are susceptible to a Cross-Site Scripting vulnerability. This flaw occurs within the discovery rule feature when users input filters utilizing the autocomplete functionality. An attacker could exploit this vulnerability to inject malicious scripts into the web application, potentially compromising user data and session integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Satellite 6.5

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101245
vdb-entryx_refsource_BID
https://projects.theforeman.org/issues/22042
x_refsource_CONFIRM

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.