Lucene search
HistoryJul 07, 2014 - 2:55 p.m.
CVE-2014-3489
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.4%
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.
Affected configurations
Node
redhatcloudforms_3.0_management_engineRange≤5.2.4
ORredhatcloudforms_3.0_management_engineMatch5.2
ORredhatcloudforms_3.0_management_engineMatch5.2.1
ORredhatcloudforms_3.0_management_engineMatch5.2.1.6
ORredhatcloudforms_3.0_management_engineMatch5.2.2
ORredhatcloudforms_3.0_management_engineMatch5.2.3
ORredhatcloudforms_3.0_management_engineMatch5.2.3.2
Related
cve
cve
CVE-2014-3489
2014-07-07 14:55:04
prion
prion
Hardcoded credentials
2014-07-07 14:55:00
cvelist
cvelist
CVE-2014-3489
2014-07-07 14:00:00
veracode
veracode
Arbitrary Command Execution
2019-05-02 05:02:41
Sensitive Information Disclosure
2019-05-02 05:02:41
Credential Disclosure Through A Brute Force Attack
2019-05-02 05:02:41
redhat
redhat
(RHSA-2014:0816) Important: cfme security, bug fix, and enhancement update
2014-06-30 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.4%
Related for NVD:CVE-2014-3489