Vulnerability details: VCID-c3cm-h13f-jubq
Vulnerability ID VCID-c3cm-h13f-jubq
Aliases CVE-2012-6119
Summary Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Status Published
Exploitability 0.5
Weighted Severity 1.9
Risk 0.9
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2013-0686.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6119.json
https://api.first.org/data/v1/epss?cve=CVE-2012-6119
http://secunia.com/advisories/52774
https://github.com/candlepin/candlepin/blob/master/candlepin.spec
https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c
http://www.osvdb.org/91719
908613 https://bugzilla.redhat.com/show_bug.cgi?id=908613
cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*
cpe:2.3:a:candlepinproject:candlepin:0.4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:candlepinproject:candlepin:0.4.11:*:*:*:*:*:*:*
cpe:2.3:a:candlepinproject:candlepin:0.4.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:candlepinproject:candlepin:0.4.27:*:*:*:*:*:*:*
cpe:2.3:a:candlepinproject:candlepin:0.4.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:candlepinproject:candlepin:0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:candlepinproject:candlepin:0.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:candlepinproject:candlepin:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:candlepinproject:candlepin:0.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:candlepinproject:candlepin:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*
CVE-2012-6119 https://nvd.nist.gov/vuln/detail/CVE-2012-6119
RHSA-2013:0686 https://access.redhat.com/errata/RHSA-2013:0686
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-6119
Access Vector (AV) local
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.17814
EPSS Score 0.00057
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:22.314805+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0