{"api_version":"1","generated_at":"2026-05-07T00:15:37+00:00","cve":"CVE-2018-14666","urls":{"html":"https://cve.report/CVE-2018-14666","api":"https://cve.report/api/cve/CVE-2018-14666.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-14666","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-14666"},"summary":{"title":"CVE-2018-14666","description":"An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-01-22 15:29:00","updated_at":"2019-10-09 23:35:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14666","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14666","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"1638156 – (CVE-2018-14666) CVE-2018-14666 Satellite: Smart class parameters allow users to access other organizations","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106490","name":"106490","refsource":"BID","tags":["Third Party Advisory"],"title":"Foreman CVE-2018-14666 Authorization Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-14666","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14666","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"14666","vulnerable":"1","versionEndIncluding":"6.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"satellite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2018-14666","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285","cweId":"CWE-285"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"[UNKNOWN]","product":{"product_data":[{"product_name":"Satellite","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://www.securityfocus.com/bid/106490","refsource":"MISC","name":"http://www.securityfocus.com/bid/106490"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14666","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14666"}]},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","version":"3.0"}]}},"nvd":{"publishedDate":"2019-01-22 15:29:00","lastModifiedDate":"2019-10-09 23:35:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"14666","Ordinal":"131374","Title":"CVE-2018-14666","CVE":"CVE-2018-14666","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"14666","Ordinal":"1","NoteData":"An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"14666","Ordinal":"2","NoteData":"2019-01-22","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"14666","Ordinal":"3","NoteData":"2019-01-23","Type":"Other","Title":"Modified"}]}}}