The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8506 advisory.

    Red Hat Satellite is a systems management tool for Linux-based     infrastructure. It allows for provisioning, remote management, and     monitoring of multiple Linux deployments with a single centralized tool.

    Security Fix(es):
    * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
    * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an     unnecessary way (CVE-2021-37137)
    * python3-django: Possible XSS via template tag (CVE-2022-22818)
    * tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836)
    * tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files     (CVE-2022-29970)
    * tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648)
    * rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209)
    * python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    Additional Changes:

    The items above are not a complete list of changes. This update also fixes     several bugs and adds various enhancements. Documentation for these changes     is available from the Release Notes document.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : Satellite 6.12 Release (Important) (RHSA-2022:8506)

critical Nessus Plugin ID 194188

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jun 4, 2025, 8:24 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202506040824
Version 1.2 Nov 7, 2024, 8:25 PM CVE (set "CVE" coverage to "CVE-2021-37136,CVE-2021-37137,CVE-2022-22818,CVE-2022-24836,CVE-2022-25648,CVE-2022-29181,CVE-2022-29970,CVE-2022-32209,CVE-2022-34265,CVE-2024-6861") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202411072025
Version 1.1 Jun 3, 2024, 7:01 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202406031901
Version 1.0 Apr 28, 2024, 2:25 PM New Plugin Feed: 202404281425