Detections
Analytics
RHEL 8 : CloudForms 5.0.1 (RHSA-2019:4201)
medium Nessus Plugin ID 210542
Synopsis
The remote Red Hat host is missing a security update.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4201 advisory.Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):
* cfme: rubygem-rubyzip denial of service via crafted ZIP file (CVE-2019-16892)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/errata/RHSA-2019:4201
https://access.redhat.com/security/updates/classification/#moderate
http://www.nessus.org/u?b131b2e6
https://bugzilla.redhat.com/show_bug.cgi?id=1713400
https://bugzilla.redhat.com/show_bug.cgi?id=1730066
https://bugzilla.redhat.com/show_bug.cgi?id=1747179
https://bugzilla.redhat.com/show_bug.cgi?id=1767548
https://bugzilla.redhat.com/show_bug.cgi?id=1767549
https://bugzilla.redhat.com/show_bug.cgi?id=1767550
https://bugzilla.redhat.com/show_bug.cgi?id=1767645
https://bugzilla.redhat.com/show_bug.cgi?id=1767646
https://bugzilla.redhat.com/show_bug.cgi?id=1767647
https://bugzilla.redhat.com/show_bug.cgi?id=1767648
https://bugzilla.redhat.com/show_bug.cgi?id=1767656
https://bugzilla.redhat.com/show_bug.cgi?id=1767659
https://bugzilla.redhat.com/show_bug.cgi?id=1767660
https://bugzilla.redhat.com/show_bug.cgi?id=1767774
https://bugzilla.redhat.com/show_bug.cgi?id=1767775
https://bugzilla.redhat.com/show_bug.cgi?id=1767776
https://bugzilla.redhat.com/show_bug.cgi?id=1767777
https://bugzilla.redhat.com/show_bug.cgi?id=1767783
https://bugzilla.redhat.com/show_bug.cgi?id=1767784
https://bugzilla.redhat.com/show_bug.cgi?id=1767786
https://bugzilla.redhat.com/show_bug.cgi?id=1767788
https://bugzilla.redhat.com/show_bug.cgi?id=1767789
https://bugzilla.redhat.com/show_bug.cgi?id=1767790
https://bugzilla.redhat.com/show_bug.cgi?id=1767791
https://bugzilla.redhat.com/show_bug.cgi?id=1767796
https://bugzilla.redhat.com/show_bug.cgi?id=1767809
https://bugzilla.redhat.com/show_bug.cgi?id=1767810
https://bugzilla.redhat.com/show_bug.cgi?id=1767811
https://bugzilla.redhat.com/show_bug.cgi?id=1767818
https://bugzilla.redhat.com/show_bug.cgi?id=1767819
https://bugzilla.redhat.com/show_bug.cgi?id=1767821
https://bugzilla.redhat.com/show_bug.cgi?id=1767823
https://bugzilla.redhat.com/show_bug.cgi?id=1767824
https://bugzilla.redhat.com/show_bug.cgi?id=1767833
https://bugzilla.redhat.com/show_bug.cgi?id=1767834
https://bugzilla.redhat.com/show_bug.cgi?id=1767835
https://bugzilla.redhat.com/show_bug.cgi?id=1767836
https://bugzilla.redhat.com/show_bug.cgi?id=1767837
https://bugzilla.redhat.com/show_bug.cgi?id=1767880
https://bugzilla.redhat.com/show_bug.cgi?id=1767881
https://bugzilla.redhat.com/show_bug.cgi?id=1767885
https://bugzilla.redhat.com/show_bug.cgi?id=1767886
https://bugzilla.redhat.com/show_bug.cgi?id=1767895
https://bugzilla.redhat.com/show_bug.cgi?id=1767896
https://bugzilla.redhat.com/show_bug.cgi?id=1767901
https://bugzilla.redhat.com/show_bug.cgi?id=1768456
https://bugzilla.redhat.com/show_bug.cgi?id=1768517
https://bugzilla.redhat.com/show_bug.cgi?id=1768520
https://bugzilla.redhat.com/show_bug.cgi?id=1768525
https://bugzilla.redhat.com/show_bug.cgi?id=1768530
https://bugzilla.redhat.com/show_bug.cgi?id=1768576
https://bugzilla.redhat.com/show_bug.cgi?id=1768638
https://bugzilla.redhat.com/show_bug.cgi?id=1771298
https://bugzilla.redhat.com/show_bug.cgi?id=1771737
https://bugzilla.redhat.com/show_bug.cgi?id=1773666
https://bugzilla.redhat.com/show_bug.cgi?id=1773667
Plugin Details
Severity: Medium
ID: 210542
File Name: redhat-RHSA-2019-4201.nasl
Version: 1.1
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/7/2024
Updated: 11/7/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2019-16892
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:cfme, p-cpe:/a:redhat:enterprise_linux:cfme-amazon-smartstate, p-cpe:/a:redhat:enterprise_linux:cfme-appliance, p-cpe:/a:redhat:enterprise_linux:cfme-appliance-common, p-cpe:/a:redhat:enterprise_linux:cfme-appliance-tools, p-cpe:/a:redhat:enterprise_linux:cfme-gemset, p-cpe:/a:redhat:enterprise_linux:v2v-conversion-host-ansible, p-cpe:/a:redhat:enterprise_linux:ovirt-ansible-hosted-engine-setup, p-cpe:/a:redhat:enterprise_linux:v2v-conversion-host
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/13/2019
Vulnerability Publication Date: 9/25/2019
Reference Information
CVE: CVE-2019-16892