Lucene search
HistoryMay 14, 2014 - 7:55 p.m.
CVE-2014-0137
cve-2014-0137
sql injection
red hat cloudforms management engine
cfme
remote authenticated users
nvd
miqreportresult.exists
8.2 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.3%
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.
Affected configurations
Node
redhatcloudforms_3.0_management_engineRange≤5.2.3
ORredhatcloudforms_3.0_management_engineMatch5.2
ORredhatcloudforms_3.0_management_engineMatch5.2.1
ORredhatcloudforms_3.0_management_engineMatch5.2.2
Related
prion
prion
Sql injection
2014-05-14 19:55:00
cvelist
cvelist
CVE-2014-0137
2014-05-14 19:00:00
veracode
veracode
SQL Injection
2019-05-02 05:03:09
nvd
nvd
CVE-2014-0137
2014-05-14 19:55:10
redhat
redhat
(RHSA-2014:0469) Important: cfme security, bug fix, and enhancement update
2014-05-12 00:00:00
8.2 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.3%
Related for CVE-2014-0137