It was found that the web interface provided by Red Hat Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server. (CVE-2013-4480)
How can I mitigate the CVE-2013-4480 vulnerability on my Red Hat Satellite Server?
- Red Hat Satellite Server 5