Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
2013-12-23T22:55:02.973
2025-04-11T00:51:21.963
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | redhat | subscription_asset_manager | 1.0.0 | Yes |
Application | redhat | subscription_asset_manager | 1.1.0 | Yes |
Application | redhat | subscription_asset_manager | 1.2.0 | Yes |
Application | redhat | subscription_asset_manager | 1.2.1 | Yes |
Application | redhat | subscription_asset_manager | 1.3.0 | Yes |