Lucene search

[email protected]CVE-2014-0136

HistoryOct 27, 2014 - 1:55 a.m.

CVE-2014-0136

2014-10-2701:55:24

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-0136

red hat cloudforms

cfme

remote attackers

log files

security vulnerability

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.2%

JSON

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.

Affected configurations

NVD

Node

redhatcloudforms_3.0_management_engineRange≤5.2.5.3

CPENameOperatorVersion
redhat:cloudforms_3.0_management_engineredhat cloudforms 3.0 management enginele5.2.5.3

CPE	Name	Operator	Version
redhat:cloudforms_3.0_management_engine	redhat cloudforms 3.0 management engine	le	5.2.5.3

References

rhn.redhat.com/errata/RHSA-2014-1037.html

www.securityfocus.com/bid/69233

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.2%

JSON

Related for CVE-2014-0136

cvelist1 redhat1 prion1 nvd1