Detections
Analytics
RHEL 7 : Satellite 6.8 release (Important) (RHSA-2020:4366)
critical Nessus Plugin ID 142452
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4366 advisory.- rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)
- puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)
- mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
- hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
- Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
- jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
- jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
- jackson-databind: serialization in weblogic/oracle-aqjms (CVE-2020-14061)
- jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (CVE-2020-14062)
- jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory (CVE-2020-14195)
- foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
- Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
- rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
- rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
- rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks (CVE-2020-5267)
- netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
- rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
- puppet: Arbitrary catalog retrieval (CVE-2020-7942)
- puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
- rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
- rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
- jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
- jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
- jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
- jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/CVE-2018-3258
https://access.redhat.com/security/cve/CVE-2018-11751
https://access.redhat.com/security/cve/CVE-2018-1000119
https://access.redhat.com/security/cve/CVE-2019-10219
https://access.redhat.com/security/cve/CVE-2019-12781
https://access.redhat.com/security/cve/CVE-2019-16782
https://access.redhat.com/security/cve/CVE-2020-5216
https://access.redhat.com/security/cve/CVE-2020-5217
https://access.redhat.com/security/cve/CVE-2020-5267
https://access.redhat.com/security/cve/CVE-2020-7238
https://access.redhat.com/security/cve/CVE-2020-7663
https://access.redhat.com/security/cve/CVE-2020-7942
https://access.redhat.com/security/cve/CVE-2020-7943
https://access.redhat.com/security/cve/CVE-2020-8161
https://access.redhat.com/security/cve/CVE-2020-8184
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10693
https://access.redhat.com/security/cve/CVE-2020-10968
https://access.redhat.com/security/cve/CVE-2020-10969
https://access.redhat.com/security/cve/CVE-2020-11619
https://access.redhat.com/security/cve/CVE-2020-14061
https://access.redhat.com/security/cve/CVE-2020-14062
https://access.redhat.com/security/cve/CVE-2020-14195
https://access.redhat.com/security/cve/CVE-2020-14334
https://access.redhat.com/security/cve/CVE-2020-14380
https://access.redhat.com/errata/RHSA-2020:4366
https://bugzilla.redhat.com/1534027
https://bugzilla.redhat.com/1640615
https://bugzilla.redhat.com/1724497
https://bugzilla.redhat.com/1738673
https://bugzilla.redhat.com/1788261
https://bugzilla.redhat.com/1789100
https://bugzilla.redhat.com/1796225
https://bugzilla.redhat.com/1801264
https://bugzilla.redhat.com/1801286
https://bugzilla.redhat.com/1805501
https://bugzilla.redhat.com/1816330
https://bugzilla.redhat.com/1816332
https://bugzilla.redhat.com/1816337
https://bugzilla.redhat.com/1816340
https://bugzilla.redhat.com/1816720
https://bugzilla.redhat.com/1819208
https://bugzilla.redhat.com/1819212
https://bugzilla.redhat.com/1826805
https://bugzilla.redhat.com/1828486
https://bugzilla.redhat.com/1831528
https://bugzilla.redhat.com/1838281
https://bugzilla.redhat.com/1845978
https://bugzilla.redhat.com/1848958
https://bugzilla.redhat.com/1848962
https://bugzilla.redhat.com/1848966
https://bugzilla.redhat.com/1849141
Plugin Details
Severity: Critical
ID: 142452
File Name: redhat-RHSA-2020-4366.nasl
Version: 1.10
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/4/2020
Updated: 2/9/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-8840
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2020-9548
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_network, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_resources, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_storage, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_subscriptions, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bcrypt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-builder, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script-source, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby-edge, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-connection_pool, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-crass, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-css_parser, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-daemons, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deacon, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative-option, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deep_cloneable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deface, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-diffy, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-dynflow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-erubi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-excon, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-execjs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-facter, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday-cookie_jar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday_middleware, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-aws, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-google, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-json, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-kubevirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-libvirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-openstack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-ovirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-vsphere, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xml, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_azure_rm, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_kubevirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_leapp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution-cockpit, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_rh_cloud, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-formatador, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-friendly_id, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fx, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-get_process_mem, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext_i18n_rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-git, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gitlab-sidekiq-fetcher, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-globalid, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-api-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-googleauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql-batch, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gssapi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_azure_rm, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_kubevirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_leapp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-form_data, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http_parser.rb, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-httpclient, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-i18n, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-infoblox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ipaddress, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jgrep, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-logger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jwt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_parsers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_wizards, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kubeclient, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ldap_fluff, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging-journald, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-loofah, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mail, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-marcel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-memoist, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-method_source, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types-data, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mimemagic, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_mime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_portile2, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest_azure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multipart-post, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mustermann, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ldap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ping, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-scp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh-krb, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nio4r, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-optimist, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-os, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-parse-cron, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-polyglot, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-prometheus-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-promise.rb, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-public_suffix, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_2to3_migration_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_ansible_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_certguard_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_container_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_file_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_rpm_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulpcore_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma-plugin-systemd, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-quantile, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rabl, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-cors, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-jsonp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-protection, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-test, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-dom-testing, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-html-sanitizer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-i18n, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-railties, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rainbow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rb-inotify, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbovirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbvmomi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-record_tag_helper, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-recursive-open-struct, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access_lib, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redis, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-representable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-responders, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-retriable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rkerberos, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-robotex, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rsec, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby2ruby, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rubyipmi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-runcible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-safemode, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-scoped_search, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-secure_headers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sequel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sexp_processor, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sidekiq, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-signet, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_infoblox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_remote_isc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery_image, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dns_infoblox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_pulp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_remote_execution_ssh, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sqlite3, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sshkey, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-statsd-instrument, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-stomp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-text, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thor, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thread_safe, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-timeliness, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tzinfo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-uber, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-validates_lengths_from_database, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-webpack-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-driver, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-extensions, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-will_paginate, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-x-editable-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-xmlrpc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-zeitwerk, p-cpe:/a:redhat:enterprise_linux:tfm-runtime, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ansible-collection-redhat-satellite, p-cpe:/a:redhat:enterprise_linux:ansible-runner, p-cpe:/a:redhat:enterprise_linux:ansiblerole-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:ansiblerole-insights-client, p-cpe:/a:redhat:enterprise_linux:ansiblerole-satellite-receptor-installer, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:crane-selinux, p-cpe:/a:redhat:enterprise_linux:createrepo_c, p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service-tui, p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:foreman-installer, p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-proxy, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-journald, p-cpe:/a:redhat:enterprise_linux:foreman-selinux, p-cpe:/a:redhat:enterprise_linux:foreman-service, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:hfsplus-tools, p-cpe:/a:redhat:enterprise_linux:katello, p-cpe:/a:redhat:enterprise_linux:katello-certs-tools, p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:katello-debug, p-cpe:/a:redhat:enterprise_linux:katello-selinux, p-cpe:/a:redhat:enterprise_linux:keycloak-httpd-client-install, p-cpe:/a:redhat:enterprise_linux:kobo, p-cpe:/a:redhat:enterprise_linux:libmodulemd, p-cpe:/a:redhat:enterprise_linux:libsolv, p-cpe:/a:redhat:enterprise_linux:libwebsockets, p-cpe:/a:redhat:enterprise_linux:livecd-tools, p-cpe:/a:redhat:enterprise_linux:mod_passenger, p-cpe:/a:redhat:enterprise_linux:mod_xsendfile, p-cpe:/a:redhat:enterprise_linux:ostree, p-cpe:/a:redhat:enterprise_linux:pcp-mmvstatsd, p-cpe:/a:redhat:enterprise_linux:pulp-admin-client, p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-katello, p-cpe:/a:redhat:enterprise_linux:pulp-maintenance, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-selinux, p-cpe:/a:redhat:enterprise_linux:pulp-server, p-cpe:/a:redhat:enterprise_linux:puppet-agent, p-cpe:/a:redhat:enterprise_linux:puppet-agent-oauth, p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib, p-cpe:/a:redhat:enterprise_linux:puppetserver, p-cpe:/a:redhat:enterprise_linux:pycairo, p-cpe:/a:redhat:enterprise_linux:python-blinker, p-cpe:/a:redhat:enterprise_linux:python-bson, p-cpe:/a:redhat:enterprise_linux:python-gnupg, p-cpe:/a:redhat:enterprise_linux:python-gofer, p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid, p-cpe:/a:redhat:enterprise_linux:python-imgcreate, p-cpe:/a:redhat:enterprise_linux:python-kid, p-cpe:/a:redhat:enterprise_linux:python-mongoengine, p-cpe:/a:redhat:enterprise_linux:python-nectar, p-cpe:/a:redhat:enterprise_linux:python-oauth2, p-cpe:/a:redhat:enterprise_linux:python-psutil, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings, p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-integrity, p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation, p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer, p-cpe:/a:redhat:enterprise_linux:python-pymongo, p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs, p-cpe:/a:redhat:enterprise_linux:python-qpid, p-cpe:/a:redhat:enterprise_linux:python-qpid-proton, p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf, p-cpe:/a:redhat:enterprise_linux:python-saslwrapper, p-cpe:/a:redhat:enterprise_linux:python-semantic_version, p-cpe:/a:redhat:enterprise_linux:python-simplejson, p-cpe:/a:redhat:enterprise_linux:python-zope-interface, p-cpe:/a:redhat:enterprise_linux:python2-amqp, p-cpe:/a:redhat:enterprise_linux:python2-ansible-runner, p-cpe:/a:redhat:enterprise_linux:python2-anyjson, p-cpe:/a:redhat:enterprise_linux:python2-apypie, p-cpe:/a:redhat:enterprise_linux:python2-billiard, p-cpe:/a:redhat:enterprise_linux:python2-celery, p-cpe:/a:redhat:enterprise_linux:python2-click, p-cpe:/a:redhat:enterprise_linux:python2-crane, p-cpe:/a:redhat:enterprise_linux:python2-daemon, p-cpe:/a:redhat:enterprise_linux:python2-django, p-cpe:/a:redhat:enterprise_linux:python2-flask, p-cpe:/a:redhat:enterprise_linux:python2-future, p-cpe:/a:redhat:enterprise_linux:python2-gobject, p-cpe:/a:redhat:enterprise_linux:python2-gobject-base, p-cpe:/a:redhat:enterprise_linux:python2-isodate, p-cpe:/a:redhat:enterprise_linux:python2-itsdangerous, p-cpe:/a:redhat:enterprise_linux:python2-jinja2, p-cpe:/a:redhat:enterprise_linux:python2-jmespath, p-cpe:/a:redhat:enterprise_linux:python2-keycloak-httpd-client-install, p-cpe:/a:redhat:enterprise_linux:python2-kombu, p-cpe:/a:redhat:enterprise_linux:python2-lockfile, p-cpe:/a:redhat:enterprise_linux:python2-markupsafe, p-cpe:/a:redhat:enterprise_linux:python2-okaara, p-cpe:/a:redhat:enterprise_linux:python2-pexpect, p-cpe:/a:redhat:enterprise_linux:python2-ptyprocess, p-cpe:/a:redhat:enterprise_linux:python2-pycurl, p-cpe:/a:redhat:enterprise_linux:python2-solv, p-cpe:/a:redhat:enterprise_linux:python2-twisted, p-cpe:/a:redhat:enterprise_linux:python2-vine, p-cpe:/a:redhat:enterprise_linux:python2-werkzeug, p-cpe:/a:redhat:enterprise_linux:python3-aiohttp, p-cpe:/a:redhat:enterprise_linux:python3-async-timeout, p-cpe:/a:redhat:enterprise_linux:python3-attrs, p-cpe:/a:redhat:enterprise_linux:python3-chardet, p-cpe:/a:redhat:enterprise_linux:python3-dateutil, p-cpe:/a:redhat:enterprise_linux:python3-idna, p-cpe:/a:redhat:enterprise_linux:python3-idna-ssl, p-cpe:/a:redhat:enterprise_linux:python3-multidict, p-cpe:/a:redhat:enterprise_linux:python3-prometheus-client, p-cpe:/a:redhat:enterprise_linux:python3-receptor-satellite, p-cpe:/a:redhat:enterprise_linux:python3-six, p-cpe:/a:redhat:enterprise_linux:python3-typing-extensions, p-cpe:/a:redhat:enterprise_linux:python3-yarl, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools, p-cpe:/a:redhat:enterprise_linux:qpid-proton-c, p-cpe:/a:redhat:enterprise_linux:qpid-qmf, p-cpe:/a:redhat:enterprise_linux:qpid-tools, p-cpe:/a:redhat:enterprise_linux:receptor, p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet, p-cpe:/a:redhat:enterprise_linux:repoview, p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-evr, p-cpe:/a:redhat:enterprise_linux:rhel8-kickstart-setup, p-cpe:/a:redhat:enterprise_linux:rubygem-facter, p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:rubygem-highline, p-cpe:/a:redhat:enterprise_linux:rubygem-newt, p-cpe:/a:redhat:enterprise_linux:rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:rubygem-rack, p-cpe:/a:redhat:enterprise_linux:rubygem-rake, p-cpe:/a:redhat:enterprise_linux:saslwrapper, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:satellite-cli, p-cpe:/a:redhat:enterprise_linux:satellite-common, p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools, p-cpe:/a:redhat:enterprise_linux:satellite-installer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actioncable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailbox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actiontext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionview, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activejob, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-import, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activestorage, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-algebrick, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-amazing_print, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ancestry, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-anemone, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-angular-rails-templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ansi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-dsl, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-params, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-audited, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_compute
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/27/2020
Vulnerability Publication Date: 8/2/2017
Reference Information
CVE: CVE-2018-11751, CVE-2018-3258, CVE-2019-12781, CVE-2019-16782, CVE-2020-10693, CVE-2020-10968, CVE-2020-10969, CVE-2020-11619, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-14334, CVE-2020-14380, CVE-2020-5216, CVE-2020-5217, CVE-2020-5267, CVE-2020-7238, CVE-2020-7663, CVE-2020-7942, CVE-2020-7943, CVE-2020-8161, CVE-2020-8184, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548