CVE-2018-14666
First published: Tue Jan 22 2019(Updated: )
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Network Satellite Server | >=6.0<=6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-14666?
CVE-2018-14666 has a high severity rating due to improper authorization that can lead to unauthorized configuration changes.
How do I fix CVE-2018-14666?
To fix CVE-2018-14666, apply the latest security patches provided by Red Hat for Satellite 6.
What versions of Red Hat Satellite are affected by CVE-2018-14666?
CVE-2018-14666 affects all Red Hat Satellite 6 versions from 6.0 to 6.4.
What impact can CVE-2018-14666 have on my system?
CVE-2018-14666 allows attackers to modify the configuration of any registered host, potentially leading to significant security breaches.
Is there a workaround for CVE-2018-14666?
Currently, there is no recommended workaround for CVE-2018-14666 besides upgrading to the patched version of Red Hat Satellite.
- agent/weakness
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/source
- vendor/redhat
- canonical/red hat network satellite server
- version/red hat network satellite server/6.0
- version/red hat network satellite server/6.4