{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"}, {"name": "RHSA-2013:1863", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"}, {"name": "candlepin-redhat-cve20136439-unspecified(90134)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6439", "datePublished": "2013-12-23T22:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1AEAC18-A40A-4F25-9C41-FD72F577292B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CB43793-470F-4C24-AC75-A2555CA68A70", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2039E9AA-9AD1-4F16-BE3D-95640F73B37B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7608FF1B-D510-44BF-BCD4-BD5C97ACA8B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6047BC2A-5EDB-458F-BBDB-38C0C3CF4E7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."}, {"lang": "es", "value": "Candlepin en Red Hat Subscription Asset Manager v1.0 hasta v1.3 utiliza un esquema de autenticaci\u00f3n d\u00e9bil cuando el archivo de configuraci\u00f3n no especifica un esquema, lo cual tiene un impacto no especificado y vectores de ataque."}], "id": "CVE-2013-6439", "lastModified": "2023-02-13T04:50:01.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-23T22:55:02.973", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}