Lucene search
Veracode Vulnerability DatabaseVERACODE:11447HistoryJan 15, 2019 - 9:02 a.m.
Privilege Escalation
2019-01-1509:02:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.001
Percentile
39.8%
cfme is vulnerable to privilege escalation attacks. The vulnerability exists as Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
References
rhn.redhat.com/errata/RHSA-2014-1317.html
access.redhat.com/documentation/en-US/CloudForms/3.1/html/Management_Engine_5.3_Release_Notes
access.redhat.com/documentation/en-US/CloudForms/3.1/html/Management_Engine_5.3_Technical_Notes
access.redhat.com/errata/RHSA-2014:1317
access.redhat.com/security/cve/CVE-2014-0140
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1077359
rhn.redhat.com/errata/RHSA-2014-1317.html
Related
cvelist
cvelist
CVE-2014-0140
2014-10-06 14:00:00
nvd
nvd
CVE-2014-0140
2014-10-06 14:55:08
cve
cve
CVE-2014-0140
2014-10-06 14:55:08
prion
prion
Cross site request forgery (csrf)
2014-10-06 14:55:00
redhat
redhat
(RHSA-2014:1317) Moderate: cfme security, bug fix, and enhancement update
2014-10-02 00:00:00