Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-1317.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1077359 |
History
13 Feb 2023, 00:32
Type | Values Removed | Values Added |
---|---|---|
Summary | Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. | |
References | | |
02 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | It was found that Red Hat CloudForms exposed default routes that were reachable via HTTP(S) requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation. |
Information
Published : 2014-10-06 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-0140
Mitre link : CVE-2014-0140
CVE.ORG link : CVE-2014-0140
Products Affected
redhat
- cloudforms_3.0.2_management_engine
- cloudforms_3.0.3_management_engine
- cloudforms_3.0_management_engine
- cloudforms_3.0.1_management_engine
- cloudforms_3.0.5_management_engine
- cloudforms_3.0.4_management_engine
CWE
CWE-264
Permissions, Privileges, and Access Controls