Lucene search
RedhatCVE-2014-0136HistoryOct 27, 2014 - 1:55 a.m.
CVE-2014-0136
2014-10-2701:55:24
CWE-20
redhat
web.nvd.nist.gov
24
cve-2014-0136
red hat cloudforms
cfme
remote attackers
log files
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.002
Percentile
57.4%
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
Affected configurations
Node
redhatcloudforms_3.0_management_engineRange≤5.2.5.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | cloudforms_3.0_management_engine | * | cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2014-0136
2014-10-27 01:55:24
cvelist
cvelist
CVE-2014-0136
2014-10-27 01:00:00
prion
prion
Code injection
2014-10-27 01:55:00
redhat
redhat
(RHSA-2014:1037) Moderate: cfme security and bug fix update
2014-08-13 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.002
Percentile
57.4%
Related for CVE-2014-0136