CVE-2013-6439

Redhat Subscription Asset Manager - Authentication Bypass

Title source: rule

Description

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

References (3)

Scores

EPSS 0.0041
EPSS Percentile 60.9%

Classification

CWE
CWE-287
Status draft

Affected Products (5)

redhat/subscription_asset_manager
redhat/subscription_asset_manager
redhat/subscription_asset_manager
redhat/subscription_asset_manager
redhat/subscription_asset_manager

Timeline

Published Dec 23, 2013
Tracked Since Feb 18, 2026