Action not permitted
Modal body text goes here.
CVE-2017-7538
Vulnerability from cvelistv5
Published
2018-07-26 15:00
Modified
2024-08-05 16:04
Severity
Summary
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.
References
| Source | URL | Tags |
|---|---|---|
| secalert@redhat.com | http://www.securitytracker.com/id/1039267 | Third Party Advisory, VDB Entry |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2645 | Vendor Advisory |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538 | Issue Tracking, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538"
},
{
"name": "1039267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039267"
},
{
"name": "RHSA-2017:2645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Satellite",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "5.8"
}
]
}
],
"datePublic": "2017-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538"
},
{
"name": "1039267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039267"
},
{
"name": "RHSA-2017:2645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Satellite",
"version": {
"version_data": [
{
"version_value": "5.8"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538"
},
{
"name": "1039267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039267"
},
{
"name": "RHSA-2017:2645",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7538",
"datePublished": "2018-07-26T15:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-7538\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-26T15:29:00.260\",\"lastModified\":\"2019-10-09T23:29:43.390\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad Cross-Site Scripting (XSS) en la manera en la que se muestra un nombre de organizaci\u00f3n en Satellite 5 en versiones anteriores a la 5.8. Un usuario capaz de cambiar el nombre de una organizaci\u00f3n podr\u00eda explotar esta vulnerabilidad para realizar ataques Cross-Site Scripting (XSS) contra otros usuarios de Satellite.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.8\",\"matchCriteriaId\":\"EAC7E694-84AE-4EBD-BCA6-5A1564FABD58\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1039267\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2645\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
gsd-2017-7538
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-7538",
"description": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users.",
"id": "GSD-2017-7538",
"references": [
"https://www.suse.com/security/cve/CVE-2017-7538.html",
"https://access.redhat.com/errata/RHSA-2017:2645"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-7538"
],
"details": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users.",
"id": "GSD-2017-7538",
"modified": "2023-12-13T01:21:06.556302Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Satellite",
"version": {
"version_data": [
{
"version_value": "5.8"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538"
},
{
"name": "1039267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039267"
},
{
"name": "RHSA-2017:2645",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7538"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538"
},
{
"name": "RHSA-2017:2645",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
},
{
"name": "1039267",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039267"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
},
"lastModifiedDate": "2019-10-09T23:29Z",
"publishedDate": "2018-07-26T15:29Z"
}
}
}
rhsa-2017_2645
Vulnerability from csaf_redhat
Published
2017-09-06 12:26
Modified
2024-09-16 00:30
Summary
Red Hat Security Advisory: satellite and spacewalk security and bug fix update
Notes
Topic
An update for satellite-schema, spacewalk-backend, spacewalk-java, and spacewalk-schema is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities.
Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool.
Security Fix(es):
* A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users. (CVE-2017-7538)
This issue was discovered by Ales Dujicek (Red Hat).
Bug Fix(es):
* Prior to this update, transferring content between Satellites using Inter-Satellite Synchronization or channel-dumps failed to transfer the product-name related to channels. This interfered with the process of moving a server between EUS channels. The 'satellite-export' tool now correctly provides associated product-names, fixing this behavior. (BZ#1446271)
* Prior to this update, the API call 'schedule.failSystemAction()' allowed overwriting a system's event history. This is undesirable from an auditing standpoint. The API now no longer allows affecting completed or failed events. (BZ#1455887)
* Prior to this update, organization administrators who were not allowed to change their organization's attributes could do so by modifying form elements. The associated form controller no longer allows this behavior. (BZ#1458722)
* Prior to this update, the 'download' tool's retry limit would be incorrect if there were more available mirrors than its retry count. It could also produce a harmless but unhelpful traceback in some situations. Both of these behaviors have been fixed. (BZ#1458765)
* Prior to this update, it was possible for parallel registrations using reactivation keys, that were creating snapshot entries, to occasionally deadlock. Both the reactivation-key registration and snapshot-creation paths have been updated to prevent these deadlocks. (BZ#1458880)
* Prior to this update, if there was some problem with a single erratum in a given repository, the 'reposync' command would complain and exit. The tool now logs such errors but continues to synchronize any remaining errata. (BZ#1466229)
* The Satellite 5.8 release failed to include an update to a registration-failure error message that had been released for Satellite 5.7. This restores the missing update. (BZ#1467632)
* Prior to this update, the list of systems in the System Set Manager failed to display the correct icons for a system's update status. This has been corrected. (BZ#1475067)
* Prior to this update, a timing window in the 'cdn-sync' command, when synchronizing multiple channels at once, could cause some of the synchronization attempts to be refused with a 403 error. This update fixes the timing window so that multiple syncs should now work reliably. (BZ#1476924)
* Prior to this update, attempting to view the systems in the System Set Manager that are affected by a given erratum would result in an internal server error. This has been fixed. (BZ#1477508)
* Prior to this update, using 'cdn-sync --no-packages' on a specific channel would disassociate all packages from that channel. This behavior has been fixed, so that '--no-packages' now just skips that step as intended. (BZ#1477667)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for satellite-schema, spacewalk-backend, spacewalk-java, and spacewalk-schema is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities.\n\nRed Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool.\n\nSecurity Fix(es):\n\n* A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users. (CVE-2017-7538)\n\nThis issue was discovered by Ales Dujicek (Red Hat).\n\nBug Fix(es):\n\n* Prior to this update, transferring content between Satellites using Inter-Satellite Synchronization or channel-dumps failed to transfer the product-name related to channels. This interfered with the process of moving a server between EUS channels. The \u0027satellite-export\u0027 tool now correctly provides associated product-names, fixing this behavior. (BZ#1446271)\n\n* Prior to this update, the API call \u0027schedule.failSystemAction()\u0027 allowed overwriting a system\u0027s event history. This is undesirable from an auditing standpoint. The API now no longer allows affecting completed or failed events. (BZ#1455887)\n\n* Prior to this update, organization administrators who were not allowed to change their organization\u0027s attributes could do so by modifying form elements. The associated form controller no longer allows this behavior. (BZ#1458722)\n\n* Prior to this update, the \u0027download\u0027 tool\u0027s retry limit would be incorrect if there were more available mirrors than its retry count. It could also produce a harmless but unhelpful traceback in some situations. Both of these behaviors have been fixed. (BZ#1458765)\n\n* Prior to this update, it was possible for parallel registrations using reactivation keys, that were creating snapshot entries, to occasionally deadlock. Both the reactivation-key registration and snapshot-creation paths have been updated to prevent these deadlocks. (BZ#1458880)\n\n* Prior to this update, if there was some problem with a single erratum in a given repository, the \u0027reposync\u0027 command would complain and exit. The tool now logs such errors but continues to synchronize any remaining errata. (BZ#1466229)\n\n* The Satellite 5.8 release failed to include an update to a registration-failure error message that had been released for Satellite 5.7. This restores the missing update. (BZ#1467632)\n\n* Prior to this update, the list of systems in the System Set Manager failed to display the correct icons for a system\u0027s update status. This has been corrected. (BZ#1475067)\n\n* Prior to this update, a timing window in the \u0027cdn-sync\u0027 command, when synchronizing multiple channels at once, could cause some of the synchronization attempts to be refused with a 403 error. This update fixes the timing window so that multiple syncs should now work reliably. (BZ#1476924)\n\n* Prior to this update, attempting to view the systems in the System Set Manager that are affected by a given erratum would result in an internal server error. This has been fixed. (BZ#1477508)\n\n* Prior to this update, using \u0027cdn-sync --no-packages\u0027 on a specific channel would disassociate all packages from that channel. This behavior has been fixed, so that \u0027--no-packages\u0027 now just skips that step as intended. (BZ#1477667)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2645",
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/articles/273633",
"url": "https://access.redhat.com/site/articles/273633"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/articles/11258",
"url": "https://access.redhat.com/site/articles/11258"
},
{
"category": "external",
"summary": "1446271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446271"
},
{
"category": "external",
"summary": "1455887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455887"
},
{
"category": "external",
"summary": "1458722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458722"
},
{
"category": "external",
"summary": "1458765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458765"
},
{
"category": "external",
"summary": "1458880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458880"
},
{
"category": "external",
"summary": "1460208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460208"
},
{
"category": "external",
"summary": "1466229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466229"
},
{
"category": "external",
"summary": "1467632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467632"
},
{
"category": "external",
"summary": "1471262",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471262"
},
{
"category": "external",
"summary": "1475067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475067"
},
{
"category": "external",
"summary": "1477667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477667"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_2645.json"
}
],
"title": "Red Hat Security Advisory: satellite and spacewalk security and bug fix update",
"tracking": {
"current_release_date": "2024-09-16T00:30:14+00:00",
"generator": {
"date": "2024-09-16T00:30:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2017:2645",
"initial_release_date": "2017-09-06T12:26:43+00:00",
"revision_history": [
{
"date": "2017-09-06T12:26:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-09-06T12:26:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T00:30:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.8 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.8::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.8::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-schema-0:2.5.1-50.el6sat.src",
"product": {
"name": "spacewalk-schema-0:2.5.1-50.el6sat.src",
"product_id": "spacewalk-schema-0:2.5.1-50.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-schema@2.5.1-50.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-schema-0:5.8.0.33-1.el6sat.src",
"product": {
"name": "satellite-schema-0:5.8.0.33-1.el6sat.src",
"product_id": "satellite-schema-0:5.8.0.33-1.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-schema@5.8.0.33-1.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-0:2.5.3-151.el6sat.src",
"product": {
"name": "spacewalk-backend-0:2.5.3-151.el6sat.src",
"product_id": "spacewalk-backend-0:2.5.3-151.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend@2.5.3-151.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.5.14-95.el6sat.src",
"product": {
"name": "spacewalk-java-0:2.5.14-95.el6sat.src",
"product_id": "spacewalk-java-0:2.5.14-95.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.5.14-95.el6sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"product": {
"name": "spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"product_id": "spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-schema@2.5.1-50.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"product": {
"name": "satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"product_id": "satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-schema@5.8.0.33-1.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-package-push-server@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-cdn@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-xml-export-libs@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-config-files@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-sql-oracle@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-app@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-tools@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-libs@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-sql-postgresql@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-iss-export@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-server@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-config-files-common@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-config-files-tool@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-applet@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-sql@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-iss@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"product_id": "spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-backend-xmlrpc@2.5.3-151.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"product": {
"name": "spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"product_id": "spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.5.14-95.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"product": {
"name": "spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"product_id": "spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.5.14-95.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"product": {
"name": "spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"product_id": "spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.5.14-95.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.5.14-95.el6sat.noarch",
"product": {
"name": "spacewalk-java-0:2.5.14-95.el6sat.noarch",
"product_id": "spacewalk-java-0:2.5.14-95.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.5.14-95.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"product": {
"name": "spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"product_id": "spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-config@2.5.14-95.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"product": {
"name": "spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"product_id": "spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-lib@2.5.14-95.el6sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-schema-0:5.8.0.33-1.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.noarch"
},
"product_reference": "satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-schema-0:5.8.0.33-1.el6sat.src as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.src"
},
"product_reference": "satellite-schema-0:5.8.0.33-1.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-0:2.5.3-151.el6sat.src as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.src"
},
"product_reference": "spacewalk-backend-0:2.5.3-151.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.5.14-95.el6sat.src as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.src"
},
"product_reference": "spacewalk-java-0:2.5.14-95.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-java-config-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-schema-0:2.5.1-50.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.noarch"
},
"product_reference": "spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-schema-0:2.5.1-50.el6sat.src as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.src"
},
"product_reference": "spacewalk-schema-0:2.5.1-50.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 ELS (RHEL v.6)",
"product_id": "6Server-Satellite58-ELS:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-schema-0:5.8.0.33-1.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.noarch"
},
"product_reference": "satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-schema-0:5.8.0.33-1.el6sat.src as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.src"
},
"product_reference": "satellite-schema-0:5.8.0.33-1.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-0:2.5.3-151.el6sat.src as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.src"
},
"product_reference": "spacewalk-backend-0:2.5.3-151.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.5.14-95.el6sat.src as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.src"
},
"product_reference": "spacewalk-java-0:2.5.14-95.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-java-config-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-schema-0:2.5.1-50.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.noarch"
},
"product_reference": "spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-schema-0:2.5.1-50.el6sat.src as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.src"
},
"product_reference": "spacewalk-schema-0:2.5.1-50.el6sat.src",
"relates_to_product_reference": "6Server-Satellite58"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch as a component of Red Hat Satellite 5.8 (RHEL v.6)",
"product_id": "6Server-Satellite58:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite58"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ales Dujicek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-7538",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2017-06-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1471262"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "5: organization name allows XSS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.src",
"6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.src",
"6Server-Satellite58:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.src",
"6Server-Satellite58:spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.src",
"6Server-Satellite58:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7538"
},
{
"category": "external",
"summary": "RHBZ#1471262",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471262"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7538",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7538"
}
],
"release_date": "2017-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Application of this errata involves updating the database schema.\n\nBefore applying this update, make sure all previously-released errata relevant to your system have been applied. To apply this erratum, take the following steps:\n\n* Shut down Red Hat Satellite by running the following command as root:\n\nrhn-satellite stop\n\n* Backup the database. For embedded or managed database variants, please consult Red Hat Satellite 5.8 documentation. For an external database, consult your database administrator.\n\n* Upgrade the errata packages. Details on how to apply this update are available at https://access.redhat.com/site/articles/11258\n\n* Update the database schema using the spacewalk-schema-upgrade command. To do so, run as root:\n\nspacewalk-schema-upgrade\n\nThis process will update your database schema to the latest version. The\nspacewalk-schema-upgrade command will inform you about the results of the\nupgrade and exact locations of schema upgrade log files.\n\n* Restart Red Hat Satellite by running the following as root:\n\nrhn-satellite start",
"product_ids": [
"6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.src",
"6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.src",
"6Server-Satellite58:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.src",
"6Server-Satellite58:spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.src",
"6Server-Satellite58:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"6Server-Satellite58-ELS:satellite-schema-0:5.8.0.33-1.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-0:2.5.3-151.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-0:2.5.14-95.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"6Server-Satellite58-ELS:spacewalk-schema-0:2.5.1-50.el6sat.src",
"6Server-Satellite58-ELS:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.noarch",
"6Server-Satellite58:satellite-schema-0:5.8.0.33-1.el6sat.src",
"6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-0:2.5.3-151.el6sat.src",
"6Server-Satellite58:spacewalk-backend-app-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-applet-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-cdn-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-common-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-config-files-tool-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-iss-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-iss-export-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-package-push-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-server-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-oracle-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-sql-postgresql-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-tools-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-xml-export-libs-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-backend-xmlrpc-0:2.5.3-151.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-0:2.5.14-95.el6sat.src",
"6Server-Satellite58:spacewalk-java-config-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-lib-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-oracle-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-java-postgresql-0:2.5.14-95.el6sat.noarch",
"6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.noarch",
"6Server-Satellite58:spacewalk-schema-0:2.5.1-50.el6sat.src",
"6Server-Satellite58:spacewalk-taskomatic-0:2.5.14-95.el6sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "5: organization name allows XSS"
}
]
}
ghsa-5v3c-p3h6-5654
Vulnerability from github
Published
2022-05-13 01:36
Modified
2022-05-13 01:36
Severity
Details
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.
{
"affected": [],
"aliases": [
"CVE-2017-7538"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-26T15:29:00Z",
"severity": "MODERATE"
},
"details": "A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization\u0027s name could exploit this flaw to perform XSS attacks against other Satellite users.",
"id": "GHSA-5v3c-p3h6-5654",
"modified": "2022-05-13T01:36:17Z",
"published": "2022-05-13T01:36:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7538"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2645"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039267"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Loading...