CVE-2012-5603

{"id": "CVE-2012-5603", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-04T22:55:02.383", "references": [{"url": "http://osvdb.org/88140", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/88142", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51472", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/56819", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80549", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/88140", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/88142", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51472", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/56819", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80549", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the \"consumer UUID\" of a system."}, {"lang": "es", "value": "proxies_controller.rb en Katello en Red Hat CloudForms anterior a v1.1 no comprueba los permisos de forma adecuada, lo que permite a usuarios remotos autenticados leer certificados de consumidores o cambiar especificaciones de usuarios a trav\u00e9s de vectores relacionados con el \"consumer UUID\"de un system."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72189D15-3318-45CD-B37E-FD53E4422052", "versionEndIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}