It was found that the web interface provided by Red Hat Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.
This issue has been addressed in following products:
Red Hat Network Satellite Server v 5.3
Red Hat Network Satellite Server v 5.4
Red Hat Network Satellite Server v 5.5
Red Hat Satellite Server v 5.6
Via RHSA-2013:1514 https://rhn.redhat.com/errata/RHSA-2013-1514.html