Redhat Certification
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:redhat-certification:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Redhat Certification (d1b9c6a1-cd39-59f1-86a9-e9f5b00e4dd9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-3897 |
vulnerable | 2026-06-08 05:13:56.329770 |
Details available
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.
Published: 2021-03-16T21:02:23.000Z
Updated: 2024-08-04T19:26:26.664Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10868 |
vulnerable | 2026-06-08 05:10:37.252759 |
Details available
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.
Published: 2021-05-26T18:03:25.000Z
Updated: 2024-08-05T07:46:47.017Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10867 |
vulnerable | 2026-06-08 05:10:37.252374 |
Details available
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
Published: 2021-05-26T18:03:20.000Z
Updated: 2024-08-05T07:46:47.328Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10866 |
vulnerable | 2026-06-08 05:10:37.252084 |
Details available
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.
Published: 2021-05-26T18:03:16.000Z
Updated: 2024-08-05T07:46:47.477Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10865 |
vulnerable | 2026-06-08 05:10:37.251775 |
Details available
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.
Published: 2021-05-26T18:03:11.000Z
Updated: 2024-08-05T07:46:47.462Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10863 |
vulnerable | 2026-06-08 05:10:37.247764 |
Details available
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information.
Published: 2021-05-26T18:03:06.000Z
Updated: 2024-08-05T07:46:47.062Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.