CVE-2010-2236
Red Hat Satellite and Proxy - Authenticated Remote Code Execution via Monitoring Probe Display
Title source: llmDescription
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
References (6)
Core 6
Core References
Exploit, Patch x_refsource_confirm
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
Various Sources vendor-advisory
x_refsource_suse
https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56952
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff
Exploit, Patch x_refsource_confirm
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=607712
Scores
EPSS
0.0306
EPSS Percentile
86.1%
Details
CWE
CWE-20
Status
published
Products (8)
redhat/network_proxy
5.3
redhat/satellite
4.0
redhat/satellite
4.1
redhat/satellite
4.2
redhat/satellite
5.1
redhat/satellite
5.2
redhat/satellite
5.3
redhat/spacewalk-java
< 2.1.147-1
Published
Apr 15, 2014
Tracked Since
Feb 18, 2026