Vulnerability-Lookup

CVE-2015-5189 (GCVE-0-2015-5189)

Vulnerability from cvelistv5 – Published: 2015-09-03 14:00 – Updated: 2024-08-06 06:41

Summary

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2015-5189

Vulnerability from fkie_nvd - Published: 2015-09-03 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1700.html
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1252805
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1700.html
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1252805

Impacted products

	Vendor	Product	Version
	pacemaker\/corosync_configuration_system_project	pacemaker\/corosync_configuration_system	*

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pacemaker\\/corosync_configuration_system_project:pacemaker\\/corosync_configuration_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E6BE70-8D68-4908-B755-AC7509BC9B40",
              "versionEndIncluding": "0.9.139",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de condici\u00f3n de carrera de pcsd en PCS 0.9.139 y en versiones anteriores utiliza una variable global para validar nombres de usuarios, lo que permite a usuarios remotos autenticados para obtener privilegios mediante el env\u00edo de un comando que se comprueba por seguridad tras autenticarse otro usuario."
    }
  ],
  "id": "CVE-2015-5189",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-03T14:59:02.037",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9CPV-2W33-4R7C

Vulnerability from github – Published: 2022-05-17 04:08 – Updated: 2022-05-17 04:08

Details

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "affected": [],
  "aliases": [
    "CVE-2015-5189"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-03T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.",
  "id": "GHSA-9cpv-2w33-4r7c",
  "modified": "2022-05-17T04:08:29Z",
  "published": "2022-05-17T04:08:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5189"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1700"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2015-5189"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-05861

Vulnerability from cnvd - Published: 2015-09-09

Title

PCS pcsd竞争条件漏洞

Description

PCS是一套利用命令行和Web UI来配置和管理Pacemaker和Corosync（集群软件）的工具。 PCS 0.9.139及之前版本的pcsd中存在竞争条件漏洞，该漏洞源于程序使用全局变量验证用户名。远程攻击者可通过发送已执行安全检查的命令利用该漏洞获取权限。

Severity

中

Patch Name

PCS pcsd竞争条件漏洞的补丁

Patch Description

PCS是一套利用命令行和Web UI来配置和管理Pacemaker和Corosync（集群软件）的工具。PCS 0.9.139及之前版本的pcsd中存在竞争条件漏洞，该漏洞源于程序使用全局变量验证用户名。远程攻击者可通过发送已执行安全检查的命令利用该漏洞获取权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://rhn.redhat.com/errata/RHSA-2015-1700.html

Reference

http://rhn.redhat.com/errata/RHSA-2015-1700.html

Impacted products

Name
PCS PCS <=0.9.139

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5189"
    }
  },
  "description": "PCS\u662f\u4e00\u5957\u5229\u7528\u547d\u4ee4\u884c\u548cWeb UI\u6765\u914d\u7f6e\u548c\u7ba1\u7406Pacemaker\u548cCorosync\uff08\u96c6\u7fa4\u8f6f\u4ef6\uff09\u7684\u5de5\u5177\u3002\r\n\r\nPCS 0.9.139\u53ca\u4e4b\u524d\u7248\u672c\u7684pcsd\u4e2d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u5168\u5c40\u53d8\u91cf\u9a8c\u8bc1\u7528\u6237\u540d\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5df2\u6267\u884c\u5b89\u5168\u68c0\u67e5\u7684\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Adam Mari\u0161",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://rhn.redhat.com/errata/RHSA-2015-1700.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05861",
  "openTime": "2015-09-09",
  "patchDescription": "PCS\u662f\u4e00\u5957\u5229\u7528\u547d\u4ee4\u884c\u548cWeb UI\u6765\u914d\u7f6e\u548c\u7ba1\u7406Pacemaker\u548cCorosync\uff08\u96c6\u7fa4\u8f6f\u4ef6\uff09\u7684\u5de5\u5177\u3002PCS 0.9.139\u53ca\u4e4b\u524d\u7248\u672c\u7684pcsd\u4e2d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u5168\u5c40\u53d8\u91cf\u9a8c\u8bc1\u7528\u6237\u540d\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5df2\u6267\u884c\u5b89\u5168\u68c0\u67e5\u7684\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PCS pcsd\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "PCS PCS \u003c=0.9.139"
  },
  "referenceLink": "http://rhn.redhat.com/errata/RHSA-2015-1700.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-09-06",
  "title": "PCS pcsd\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e"
}

GSD-2015-5189

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-5189

Aliases

CVE-2015-5189

JSON

To clipboard Create KEV Entry

{
  "GSD": {
    "alias": "CVE-2015-5189",
    "description": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.",
    "id": "GSD-2015-5189",
    "references": [
      "https://access.redhat.com/errata/RHSA-2015:1700"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5189"
      ],
      "details": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.",
      "id": "GSD-2015-5189",
      "modified": "2023-12-13T01:20:06.446443Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-5189",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1700.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pacemaker\\/corosync_configuration_system_project:pacemaker\\/corosync_configuration_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.139",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5189"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
            },
            {
              "name": "RHSA-2015:1700",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T00:50Z",
      "publishedDate": "2015-09-03T14:59Z"
    }
  }
}

RHSA-2015:1700

Vulnerability from csaf_redhat - Published: 2015-09-01 13:41 - Updated: 2025-11-21 17:53

Summary

Red Hat Security Advisory: pcs security update

Notes

Topic

Updated pcs packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI. (CVE-2015-5190) A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user. (CVE-2015-5189) These issues were discovered by Tomáš Jelínek of Red Hat. All pcs users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard Create KEV Entry

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated pcs packages that fix two security issues are now available for Red\nHat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nA command injection flaw was found in the pcsd web UI. An attacker able to\ntrick a victim that was logged in to the pcsd web UI into visiting a\nspecially crafted URL could use this flaw to execute arbitrary code with\nroot privileges on the server hosting the web UI. (CVE-2015-5190)\n\nA race condition was found in the way the pcsd web UI backend performed\nauthorization of user requests. An attacker could use this flaw to send a\nrequest that would be evaluated as originating from a different user,\npotentially allowing the attacker to perform actions with permissions of a\nmore privileged user. (CVE-2015-5189)\n\nThese issues were discovered by Tom\u00e1\u0161 Jel\u00ednek of Red Hat.\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1700",
        "url": "https://access.redhat.com/errata/RHSA-2015:1700"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1252805",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
      },
      {
        "category": "external",
        "summary": "1252813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1700.json"
      }
    ],
    "title": "Red Hat Security Advisory: pcs security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:53:28+00:00",
      "generator": {
        "date": "2025-11-21T17:53:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2015:1700",
      "initial_release_date": "2015-09-01T13:41:46+00:00",
      "revision_history": [
        {
          "date": "2015-09-01T13:41:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-09-01T13:41:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:53:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux High Availability (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux High Availability (v. 6)",
                  "product_id": "6Server-HighAvailability-6.7.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
                  "product_id": "6Server-ResilientStorage-6.7.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
                  "product_id": "7Server-HighAvailability-7.1.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
                  "product_id": "7Server-ResilientStorage-7.1.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pcs-0:0.9.139-9.el6_7.1.x86_64",
                "product": {
                  "name": "pcs-0:0.9.139-9.el6_7.1.x86_64",
                  "product_id": "pcs-0:0.9.139-9.el6_7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
                "product": {
                  "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
                  "product_id": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.139-9.el6_7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
                "product": {
                  "name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
                  "product_id": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
                "product": {
                  "name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
                  "product_id": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-0:0.9.137-13.el7_1.4.x86_64",
                "product": {
                  "name": "pcs-0:0.9.137-13.el7_1.4.x86_64",
                  "product_id": "pcs-0:0.9.137-13.el7_1.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pcs-0:0.9.139-9.el6_7.1.src",
                "product": {
                  "name": "pcs-0:0.9.139-9.el6_7.1.src",
                  "product_id": "pcs-0:0.9.139-9.el6_7.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-0:0.9.137-13.el7_1.4.src",
                "product": {
                  "name": "pcs-0:0.9.137-13.el7_1.4.src",
                  "product_id": "pcs-0:0.9.137-13.el7_1.4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
                "product": {
                  "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
                  "product_id": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.139-9.el6_7.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcs-0:0.9.139-9.el6_7.1.i686",
                "product": {
                  "name": "pcs-0:0.9.139-9.el6_7.1.i686",
                  "product_id": "pcs-0:0.9.139-9.el6_7.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
          "product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686"
        },
        "product_reference": "pcs-0:0.9.139-9.el6_7.1.i686",
        "relates_to_product_reference": "6Server-HighAvailability-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.139-9.el6_7.1.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
          "product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src"
        },
        "product_reference": "pcs-0:0.9.139-9.el6_7.1.src",
        "relates_to_product_reference": "6Server-HighAvailability-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
          "product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64"
        },
        "product_reference": "pcs-0:0.9.139-9.el6_7.1.x86_64",
        "relates_to_product_reference": "6Server-HighAvailability-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
          "product_id": "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686"
        },
        "product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
        "relates_to_product_reference": "6Server-HighAvailability-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
          "product_id": "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64"
        },
        "product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
        "relates_to_product_reference": "6Server-HighAvailability-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
          "product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686"
        },
        "product_reference": "pcs-0:0.9.139-9.el6_7.1.i686",
        "relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.139-9.el6_7.1.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
          "product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src"
        },
        "product_reference": "pcs-0:0.9.139-9.el6_7.1.src",
        "relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
          "product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64"
        },
        "product_reference": "pcs-0:0.9.139-9.el6_7.1.x86_64",
        "relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
          "product_id": "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686"
        },
        "product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
        "relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
          "product_id": "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64"
        },
        "product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
        "relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.137-13.el7_1.4.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
          "product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src"
        },
        "product_reference": "pcs-0:0.9.137-13.el7_1.4.src",
        "relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
          "product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64"
        },
        "product_reference": "pcs-0:0.9.137-13.el7_1.4.x86_64",
        "relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
          "product_id": "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64"
        },
        "product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
        "relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
          "product_id": "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
        },
        "product_reference": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
        "relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.137-13.el7_1.4.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
          "product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src"
        },
        "product_reference": "pcs-0:0.9.137-13.el7_1.4.src",
        "relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
          "product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64"
        },
        "product_reference": "pcs-0:0.9.137-13.el7_1.4.x86_64",
        "relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
          "product_id": "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64"
        },
        "product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
        "relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
          "product_id": "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
        },
        "product_reference": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
        "relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Tom\u00e1\u0161 Jel\u00ednek"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2015-5189",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2015-08-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1252805"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcs: Incorrect authorization when using pcs web UI",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
          "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
          "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
          "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
          "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
          "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
          "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
          "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
          "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
          "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
          "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
          "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
          "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-5189"
        },
        {
          "category": "external",
          "summary": "RHBZ#1252805",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-5189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-5189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5189"
        }
      ],
      "release_date": "2015-09-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-09-01T13:41:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1700"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "pcs: Incorrect authorization when using pcs web UI"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Tom\u00e1\u0161 Jel\u00ednek"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2015-5190",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "discovery_date": "2015-08-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1252813"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcs: Command injection with root privileges.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
          "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
          "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
          "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
          "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
          "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
          "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
          "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
          "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
          "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
          "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
          "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
          "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
          "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-5190"
        },
        {
          "category": "external",
          "summary": "RHBZ#1252813",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-5190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-5190"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5190",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5190"
        }
      ],
      "release_date": "2015-09-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-09-01T13:41:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1700"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
            "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
            "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
            "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
            "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pcs: Command injection with root privileges."
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-5189 (GCVE-0-2015-5189)

FKIE_CVE-2015-5189

GHSA-9CPV-2W33-4R7C

CNVD-2015-05861

GSD-2015-5189

RHSA-2015:1700

Tags

Sightings

Nomenclature