Lucene search
HistoryMay 14, 2014 - 7:55 p.m.
CVE-2014-0137
cve-2014-0137
sql injection
red hat cloudforms management engine
cfme
remote authenticated users
nvd
miqreportresult.exists
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.2
Confidence
Low
EPSS
0.001
Percentile
46.5%
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.
Affected configurations
Node
redhatcloudforms_3.0_management_engineRange≤5.2.3
ORredhatcloudforms_3.0_management_engineMatch5.2
ORredhatcloudforms_3.0_management_engineMatch5.2.1
ORredhatcloudforms_3.0_management_engineMatch5.2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | cloudforms_3.0_management_engine | 5.2 | cpe:/a:redhat:cloudforms_3.0_management_engine:5.2::: |
| redhat | cloudforms_3.0_management_engine | 5.2.2 | cpe:/a:redhat:cloudforms_3.0_management_engine:5.2.2::: |
| redhat | cloudforms_3.0_management_engine | cpe:/a:redhat:cloudforms_3.0_management_engine:::: | |
| redhat | cloudforms_3.0_management_engine | 5.2.1 | cpe:/a:redhat:cloudforms_3.0_management_engine:5.2.1::: |
Related
prion
prion
Sql injection
2014-05-14 19:55:00
cvelist
cvelist
CVE-2014-0137
2014-05-14 19:00:00
nvd
nvd
CVE-2014-0137
2014-05-14 19:55:10
veracode
veracode
SQL Injection
2019-05-02 05:03:09
redhat
redhat
(RHSA-2014:0469) Important: cfme security, bug fix, and enhancement update
2014-05-12 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.2
Confidence
Low
EPSS
0.001
Percentile
46.5%
Related for CVE-2014-0137