ByteOS Network

NVD Vulnerability Details :

CVE-2014-3595

Deferred

Source-secalert@redhat.com

Published At-22 Sep, 2014 | 15:55

Updated At-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Red Hat, Inc.

>>satellite>>5.4

cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.5

cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.6

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite_with_embedded_oracle>>5.4

cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite_with_embedded_oracle>>5.5

cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>spacewalk-java>>1.2.39

cpe:2.3:a:redhat:spacewalk-java:1.2.39:*:*:*:*:*:*:*

Red Hat, Inc.

>>spacewalk-java>>1.7.54

cpe:2.3:a:redhat:spacewalk-java:1.7.54:*:*:*:*:*:*:*

Red Hat, Inc.

>>spacewalk-java>>2.0.2

cpe:2.3:a:redhat:spacewalk-java:2.0.2:*:*:*:*:*:*:*

SUSE

>>manager>>1.7

cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*

SUSE

>>suse_linux_enterprise_server>>11

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:*:*:*:*

SUSE

>>manager_server>>-

cpe:2.3:a:suse:manager_server:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html	secalert@redhat.com	Mailing List Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html	secalert@redhat.com	Mailing List Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-1184.html	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/61115	secalert@redhat.com	Third Party Advisory
http://secunia.com/advisories/62027	secalert@redhat.com	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-1184.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/61115	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://secunia.com/advisories/62027	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory