The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-1037.html | Vendor Advisory |
http://www.securityfocus.com/bid/69233 |
Configurations
History
13 Feb 2023, 00:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. |
02 Feb 2023, 20:16
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that the get and log methods of the AgentController wrote log messages without sanitizing user input. A remote attacker could use this flaw to insert arbitrary content into the log files written to by AgentController. | |
References |
|
Information
Published : 2014-10-27 01:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-0136
Mitre link : CVE-2014-0136
CVE.ORG link : CVE-2014-0136
JSON object : View
Products Affected
redhat
- cloudforms_3.0_management_engine
CWE
CWE-20
Improper Input Validation