{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "title": "XSS in custom system information key handling", "tracking": { "current_release_date": "2026-05-07T12:10:36+00:00", "generator": { "date": "2026-05-07T12:10:36+00:00", "engine": { "name": "CSAF Generator", "version": "2.0.1" } }, "id": "CVE-2011-4346", "initial_release_date": "2011-12-10T17:00:00+00:00", "revision_history": [ { "date": "2026-05-07T12:10:36+00:00", "number": "1", "summary": "Last generated version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "branches": [ { "category": "product_name", "name": "Red Hat Satellite", "product": { "name": "Red Hat Satellite", "product_id": "rhn_satellite_5.4::el5", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.4::el5" } } }, { "category": "product_name", "name": "Red Hat Satellite", "product": { "name": "Red Hat Satellite", "product_id": "rhn_satellite_5.4::el6", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.4::el6" } } }, { "category": "product_name", "name": "Red Hat Satellite 6.16.0", "product": { "name": "Red Hat Satellite 6.16.0", "product_id": "rhn_satellite_6.16", "product_identification_helper": { "cpe": "cpe:/a:redhat:satellite:6" } } }, { "category": "product_name", "name": "Red Hat Satellite 6.17.0", "product": { "name": "Red Hat Satellite 6.17.0", "product_id": "rhn_satellite_6.17", "product_identification_helper": { "cpe": "cpe:/a:redhat:satellite:6.17" } } }, { "category": "product_name", "name": "Red Hat Satellite 6.18.0", "product": { "name": "Red Hat Satellite 6.18.0", "product_id": "satellite_6.18", "product_identification_helper": { "cpe": "cpe:/a:redhat:satellite:6.18" } } }, { "category": "product_name", "name": "Red Hat Satellite 6.19.0", "product": { "name": "Red Hat Satellite 6.19.0", "product_id": "satellite_6.19", "product_identification_helper": { "cpe": "cpe:/a:redhat:satellite:6.19" } } }, { "category": "product_version", "name": "satellite-capsule:el8/satellite", "product": { "name": "satellite-capsule:el8/satellite", "product_id": "satellite-capsule:el8/satellite.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite?arch=src&rpmmod=satellite-capsule:el8" } } }, { "category": "product_version", "name": "satellite", "product": { "name": "satellite", "product_id": "satellite.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite?arch=src" } } }, { "category": "product_version", "name": "spacewalk-web", "product": { "name": "spacewalk-web", "product_id": "spacewalk-web-0:1.2.7-21.el5sat", "product_identification_helper": { "purl": "pkg:rpm/redhat/spacewalk-web@1.2.7-21.el5sat?epoch=0" } } }, { "category": "product_version", "name": "spacewalk-web", "product": { "name": "spacewalk-web", "product_id": "spacewalk-web-0:1.2.7-21.el6sat", "product_identification_helper": { "purl": "pkg:rpm/redhat/spacewalk-web@1.2.7-21.el6sat?epoch=0" } } } ] } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "satellite-capsule:el8/satellite.src as a component of Red Hat Satellite 6.16.0", "product_id": "rhn_satellite_6.16:satellite-capsule:el8/satellite.src" }, "product_reference": "satellite-capsule:el8/satellite.src", "relates_to_product_reference": "rhn_satellite_6.16" }, { "category": "default_component_of", "full_product_name": { "name": "satellite.src as a component of Red Hat Satellite 6.17.0", "product_id": "rhn_satellite_6.17:satellite.src" }, "product_reference": "satellite.src", "relates_to_product_reference": "rhn_satellite_6.17" }, { "category": "default_component_of", "full_product_name": { "name": "satellite.src as a component of Red Hat Satellite 6.19.0", "product_id": "satellite_6.19:satellite.src" }, "product_reference": "satellite.src", "relates_to_product_reference": "satellite_6.19" }, { "category": "default_component_of", "full_product_name": { "name": "satellite.src as a component of Red Hat Satellite 6.18.0", "product_id": "satellite_6.18:satellite.src" }, "product_reference": "satellite.src", "relates_to_product_reference": "satellite_6.18" }, { "category": "default_component_of", "full_product_name": { "name": "satellite.src as a component of Red Hat Satellite 6.16.0", "product_id": "rhn_satellite_6.16:satellite.src" }, "product_reference": "satellite.src", "relates_to_product_reference": "rhn_satellite_6.16" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-web-0:1.2.7-21.el5sat as a component of Red Hat Satellite", "product_id": "rhn_satellite_5.4::el5:spacewalk-web-0:1.2.7-21.el5sat" }, "product_reference": "spacewalk-web-0:1.2.7-21.el5sat", "relates_to_product_reference": "rhn_satellite_5.4::el5" }, { "category": "default_component_of", "full_product_name": { "name": "spacewalk-web-0:1.2.7-21.el6sat as a component of Red Hat Satellite", "product_id": "rhn_satellite_5.4::el6:spacewalk-web-0:1.2.7-21.el6sat" }, "product_reference": "spacewalk-web-0:1.2.7-21.el6sat", "relates_to_product_reference": "rhn_satellite_5.4::el6" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-4346", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "discovery_date": "2026-04-02T15:01:38+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "rhn_satellite_6.16:satellite-capsule:el8/satellite.src", "rhn_satellite_6.16:satellite.src", "rhn_satellite_6.17:satellite.src", "satellite_6.18:satellite.src", "satellite_6.19:satellite.src" ] } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "rhn_satellite_5.4::el5:spacewalk-web-0:1.2.7-21.el5sat", "rhn_satellite_5.4::el6:spacewalk-web-0:1.2.7-21.el6sat" ], "known_not_affected": [ "rhn_satellite_6.16:satellite-capsule:el8/satellite.src", "rhn_satellite_6.16:satellite.src", "rhn_satellite_6.17:satellite.src", "satellite_6.18:satellite.src", "satellite_6.19:satellite.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4346" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4346" }, { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4346" } ], "remediations": [ { "category": "vendor_fix", "date": "2011-12-07T19:12:09+00:00", "details": "Apply advisory RHSA-2011:1794 as per vendors instructions.", "product_ids": [ "rhn_satellite_5.4::el5:spacewalk-web-0:1.2.7-21.el5sat", "rhn_satellite_5.4::el6:spacewalk-web-0:1.2.7-21.el6sat" ], "url": "https://access.redhat.com/errata/RHSA-2011:1794" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "products": [ "rhn_satellite_5.4::el5:spacewalk-web-0:1.2.7-21.el5sat", "rhn_satellite_5.4::el6:spacewalk-web-0:1.2.7-21.el6sat", "rhn_satellite_6.16:satellite-capsule:el8/satellite.src", "rhn_satellite_6.16:satellite.src", "rhn_satellite_6.17:satellite.src", "satellite_6.18:satellite.src", "satellite_6.19:satellite.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate", "product_ids": [ "rhn_satellite_5.4::el5:spacewalk-web-0:1.2.7-21.el5sat", "rhn_satellite_5.4::el6:spacewalk-web-0:1.2.7-21.el6sat", "rhn_satellite_6.16:satellite-capsule:el8/satellite.src", "rhn_satellite_6.16:satellite.src", "rhn_satellite_6.17:satellite.src", "satellite_6.18:satellite.src", "satellite_6.19:satellite.src" ] } ], "title": "XSS in custom system information key handling" } ] }