2 matches found
CVE-2014-3692
CVE-2014-3692 affects Red Hat CloudForms 3.1 Management Engine (CFME) 5.3, where the customization template uses a default root password if none is specified for a newly created image, allowing a remote attacker to gain privileges. The connected RHSA-2015:0028 advisory documents the issue as part...
CVE-2014-7814
CVE-2014-7814 is a SQL injection vulnerability affecting Red Hat CloudForms Management Engine (CFME) 3.1/5.3 (CFME) where an authenticated user can send crafted REST API requests to an SQL filter to execute arbitrary SQL on the CFME database. The issue arises from REST API exposure of SQL filters...