Main Vulnerability Database SB2017100614

SB2017100614 - Security Features in Foreman

Published: October 6, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017100614

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Security Features (CVE-ID: CVE-2015-5246)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

Remediation

Install update from vendor's website.

References

http://projects.theforeman.org/issues/11471
https://bugzilla.redhat.com/show_bug.cgi?id=1258700