Lucene search

[email protected]NVD:CVE-2014-0136

HistoryOct 27, 2014 - 1:55 a.m.

CVE-2014-0136

2014-10-2701:55:24

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.

Affected configurations

Nvd

Node

redhatcloudforms_3.0_management_engineRange≤5.2.5.3

VendorProductVersionCPE
redhatcloudforms_3.0_management_engine*cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	cloudforms_3.0_management_engine	*	cpe:2.3:a:redhat:cloudforms_3.0_management_engine::::::::

References

rhn.redhat.com/errata/RHSA-2014-1037.html

www.securityfocus.com/bid/69233

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON

Related for NVD:CVE-2014-0136

cvelist1 prion1 cve1 redhat1