CVE-2023-4886 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-4886 PUBLISHED CVSS 6.699999809265137 MEDIUM

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

EPSS 0.09% · 24.7th percentile

Risk Scores

CVSS v3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.09%

24.7th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Satellite 6.14 for RHEL 8	0:3.7.0.10-1.el8sat
redhat	satellite	6.0
Red Hat	Red Hat Satellite 6.14 for RHEL 8	1:3.7.0.5-1.el8sat
Red Hat	Red Hat Satellite 6.13 for RHEL 8	0:3.5.1.24-1.el8sat
theforeman	foreman	0

Timeline

Oct 3, 2023 CVE Published
Oct 4, 2023 EPSS Score
Nov 4, 2023 EPSS Score
Dec 5, 2023 EPSS Score
Jan 5, 2024 EPSS Score
Feb 5, 2024 EPSS Score
Mar 8, 2024 EPSS Score
Apr 8, 2024 EPSS Score
May 9, 2024 EPSS Score
Jun 9, 2024 EPSS Score
Jul 10, 2024 EPSS Score
Aug 10, 2024 EPSS Score

References

RHSA-2023:7851 vendor-advisory
RHSA-2024:1061 vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4886 vdb
RHBZ#2230135 issue
https://nvd.nist.gov/vuln/detail/CVE-2023-4886 advisory

Open in Interactive Console →