CVE-2021-3584
HIGHForeman - Remote Code Execution via Sendmail Configuration
Title source: llmDescription
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.
References (3)
Core 3
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://projects.theforeman.org/issues/32753
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/theforeman/foreman/pull/8599
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1968439
Scores
CVSS v3
7.2
EPSS
0.0047
EPSS Percentile
65.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (3)
redhat/satellite
6.0
theforeman/foreman
3.0.0 rc1 (2 CPE variants)
theforeman/foreman
< 2.4.1
Published
Dec 23, 2021
Tracked Since
Feb 18, 2026