← Back to CVEs
CVE-2012-0059
MEDIUM4.9
Description
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.
CVE Details
CVSS v3.1 Score4.9
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published2/5/2014
Last Modified4/29/2026
Sourcenvd
Honeypot Sightings0
Affected Products
redhat:network_proxyredhat:satellite
Weaknesses (CWE)
CWE-209CWE-310
References
http://rhn.redhat.com/errata/RHSA-2012-0101.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2012-0102.html(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2012-0059(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2012-0101.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0102.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.