Lucene search

Redhat Cloudforms 3.0 Management Engine 5.2.3.2

5 matches found

CVE | added 2014/07/07 2:55 p.m. | 50 views

CVE-2014-3486

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.

6.9 CVSS, 7.2 AI score, 0.00176 EPSS

CVE | added 2014/07/07 2:55 p.m. | 47 views

CVE-2014-0180

The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors.

5 CVSS, 6.6 AI score, 0.00727 EPSS

CVE | added 2014/07/07 2:55 p.m. | 45 views

CVE-2014-3489

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.

4.3 CVSS, 6.5 AI score, 0.00403 EPSS

CVE | added 2014/07/07 2:55 p.m. | 44 views

CVE-2014-0184

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.

4.9 CVSS, 5.8 AI score, 0.00131 EPSS

CVE | added 2014/07/07 2:55 p.m. | 39 views

CVE-2014-0176

Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.7 AI score, 0.00318 EPSS