CVE-2019-14894

{"id": "CVE-2019-14894", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}]}, "published": "2020-06-22T18:15:10.900", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14894", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el motor de administraci\u00f3n de CloudForms versi\u00f3n 5.10 y la administraci\u00f3n de CloudForms versi\u00f3n 5.11, que desencaden\u00f3 una ejecuci\u00f3n de c\u00f3digo remota por medio de la copia de seguridad de la programaci\u00f3n NFS. Un atacante que haya iniciado sesi\u00f3n en la consola de administraci\u00f3n podr\u00eda usar este fallo para ejecutar comandos de shell arbitrarios en el servidor de CloudForms como root"}], "lastModified": "2023-02-12T23:36:18.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFB7DD21-9B04-4943-ADD1-F2D1EB517686"}, {"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CDCF299-40B9-40B5-8398-FF25F9A071EA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}