| Vulnerability Name: | CVE-2013-2121 (CCN-85322) |
| Assigned: | 2013-06-07 |
| Published: | 2013-06-07 |
| Updated: | 2023-02-13 |
| Summary: | Foreman could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in the Bookmarks controller. An attacker could exploit this vulnerability to execute arbitrary code on the system. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P); 4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C); 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2013-2121; Source: CCN Type: Foreman Bug #2631 Remote code execution in Foreman via bookmark controller name; Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com; Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com; Source: CCN Type: SA53981 Foreman Security Bypass Security Issue and Code Execution Vulnerability; Source: CCN Type: Foreman Web Site Foreman; Source: secalert@redhat.com Type: Exploit secalert@redhat.com; Source: CCN Type: BID-60833 Foreman 'bookmarks_controller.rb' Remote Code Execution Vulnerability; Source: secalert@redhat.com Type: Exploit secalert@redhat.com; Source: XF Type: UNKNOWN foreman-cve20132121-code-exec(85322); Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com; Source: CCN Type: Packet Storm Security [07-23-2013] Foreman (Red Hat OpenStack/Satellite) Code Injection; Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [07-23-2013] |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |