2 matches found
CVE-2014-0140
Red Hat CloudForms Management Engine (CFME) prior to 5.3 is affected. An authenticated user could access sensitive controllers and actions via direct HTTP(S) requests, enabling possible privilege escalation. The issue is documented under CVE-2014-0140 and addressed in Red Hat’s RHSA-2014:1317; re...
CVE-2014-3642
CVE-2014-3642 affects Red Hat CloudForms 3.1 Management Engine (CFME) prior to 5.3. The vulnerability resides in vmdb/app/controllers/application_controller/performance.rb with an insecure send method, allowing remote authenticated users to gain privileges via unspecified vectors (privilege escal...