Lucene search

K
nvd[email protected]NVD:CVE-2014-3642
HistoryOct 06, 2014 - 2:55 p.m.

CVE-2014-3642

2014-10-0614:55:10
CWE-264
web.nvd.nist.gov
3

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

60.0%

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an “insecure send method.”

Affected configurations

Nvd
Node
redhatcloudforms_3.0.1_management_engineMatch5.2.1
OR
redhatcloudforms_3.0.2_management_engineMatch5.2.2
OR
redhatcloudforms_3.0.3_management_engineMatch5.2.3
OR
redhatcloudforms_3.0.4_management_engineMatch5.2.4
OR
redhatcloudforms_3.0.5_management_engineRange5.2.5
OR
redhatcloudforms_3.0_management_engineMatch5.2
VendorProductVersionCPE
redhatcloudforms_3.0.1_management_engine5.2.1cpe:2.3:a:redhat:cloudforms_3.0.1_management_engine:5.2.1:*:*:*:*:*:*:*
redhatcloudforms_3.0.2_management_engine5.2.2cpe:2.3:a:redhat:cloudforms_3.0.2_management_engine:5.2.2:*:*:*:*:*:*:*
redhatcloudforms_3.0.3_management_engine5.2.3cpe:2.3:a:redhat:cloudforms_3.0.3_management_engine:5.2.3:*:*:*:*:*:*:*
redhatcloudforms_3.0.4_management_engine5.2.4cpe:2.3:a:redhat:cloudforms_3.0.4_management_engine:5.2.4:*:*:*:*:*:*:*
redhatcloudforms_3.0.5_management_engine*cpe:2.3:a:redhat:cloudforms_3.0.5_management_engine:*:*:*:*:*:*:*:*
redhatcloudforms_3.0_management_engine5.2cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

60.0%

Related for NVD:CVE-2014-3642