CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.

Published: Apr 16, 2014
Updated: Apr 13, 2023
CVE: CVE-2010-2236
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
redhat / spacewalk-java	-	2.1.147-1.x
redhat / network_proxy	5.3	5.3.x
redhat / satellite	5.3	5.3.x
redhat / satellite	5.2	5.2.x
redhat / satellite	5.1	5.1.x
redhat / satellite	4.2	4.2.x
redhat / satellite	4.1	4.1.x
redhat / satellite	4.0	4.0.x

http://secunia.com/advisories/56952
https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=607712
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html

Vulnerability Database

289,599

CVE-2010-2236