ByteOS Network

NVD Vulnerability Details :

CVE-2013-4486

Analyzed

Source-secalert@redhat.com

Published At-03 Dec, 2019 | 15:15

Updated At-05 Dec, 2019 | 21:10

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

>>zanata>>Versions from 3.0.0(inclusive) to 3.1.2(inclusive)

CWE ID	Type	Source
CWE-74	Primary	nvd@nist.gov

Hyperlink	Source	Resource
https://access.redhat.com/security/cve/cve-2013-4486	secalert@redhat.com	Third Party Advisory Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4486	secalert@redhat.com	Issue Tracking Patch Vendor Advisory
https://github.com/zanata/zanata-server/wiki/Security-advisories	secalert@redhat.com	Patch Third Party Advisory