CVE-2013-2049

Опубликовано: 13 нояб. 2013

Источник: redhat

CVSS2: 5

EPSS Низкий

Описание

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.

Отчет

This issue is resolved in CloudForms 3.0. The maintenance support policy for CloudForms 2.0 only covers critical security issues, meaning this issue is out of scope. Users of CloudForms 2.0 are advised to upgrade to CloudForms 3.0 to address this issue.

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=9590412: static secret_token.rb value

EPSS

Процентиль: 37%

0.0016

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2013-2049

CVSS3: 7.5

nvd

почти 8 лет назад

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.

GHSA-hwwg-f5h3-wwv3

CVSS3: 7.5

github

больше 3 лет назад

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.

EPSS

Процентиль: 37%

0.0016

Низкий

5 Medium

CVSS2