{
  "threat_severity" : "Moderate",
  "public_date" : "2020-01-15T08:08:00Z",
  "bugzilla" : {
    "description" : "rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username",
    "id" : "2429874",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2429874"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-78",
  "details" : [ "A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.", "A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system." ],
  "statement" : "This vulnerability is rated Moderate for Red Hat Satellite because it requires the BMC component to be enabled and configured to use `ipmitool` as the IPMI implementation. An authenticated attacker with host creation or update permissions can exploit this by crafting a malicious BMC username. Exploitation is limited to environments meeting these specific configuration and permission requirements.",
  "affected_release" : [ {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5971",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el8",
    "package" : "rubygem-rubyipmi-0:0.13.0-0.1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5971",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el8",
    "package" : "rubygem-rubyipmi-0:0.13.0-0.1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5971",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el9",
    "package" : "rubygem-rubyipmi-0:0.13.0-0.1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5971",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el9",
    "package" : "rubygem-rubyipmi-0:0.13.0-0.1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "foreman-0:3.14.0.14-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "libcomps-0:0.1.23-0.3.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "python-brotli-0:1.2.0-0.1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "python-django-0:4.2.28-0.1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "python-pulp-container-0:2.22.3-1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "python-pulp-rpm-0:3.27.10-2.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "rubygem-fog-kubevirt-0:1.5.1-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "rubygem-katello-0:4.16.0.14-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "rubygem-rubyipmi-0:0.13.0-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "satellite-0:6.17.7-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_maintenance:6.17::el9",
    "package" : "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "foreman-0:3.14.0.14-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "libcomps-0:0.1.23-0.3.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "python-brotli-0:1.2.0-0.1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "python-django-0:4.2.28-0.1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "python-pulp-container-0:2.22.3-1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "python-pulp-rpm-0:3.27.10-2.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "rubygem-fog-kubevirt-0:1.5.1-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "rubygem-katello-0:4.16.0.14-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "rubygem-rubyipmi-0:0.13.0-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "satellite-0:6.17.7-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5970",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.18 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5968",
    "cpe" : "cpe:/a:redhat:satellite:6.18::el9",
    "package" : "rubygem-rubyipmi-0:0.13.0-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.18 for RHEL 9",
    "release_date" : "2026-03-26T00:00:00Z",
    "advisory" : "RHSA-2026:5968",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.18::el9",
    "package" : "rubygem-rubyipmi-0:0.13.0-1.el9sat"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Affected",
    "package_name" : "satellite:el8/rubygem-rubyipmi",
    "cpe" : "cpe:/a:redhat:satellite:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-0980\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0980" ],
  "name" : "CVE-2026-0980",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}