CVE-2021-3584

Published: 23/12/2021 | Updated: 05/01/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of the system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Vulnerable Product

theforeman foreman

theforeman foreman 3.0.0

redhat satellite 6.0

Vendor Advisories

Synopsis: Moderate: Satellite 611 Release
Type/Severity: Security Advisory: Moderate
Topic: An update is now available for Red Hat Satellite 611
Description: Red Hat Satellite is a systems management tool for Linux-basedin ...