CVE-2013-4172Code Injection in Redhat Cloudforms Management Engine

CWE-94Code InjectionCWE-96Static Code Injection5 documents5 sources
Severity
8.5HIGHNVD
EPSS
0.7%
top 28.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Cloudforms Management Engine
Timeline
PublishedAug 23
Latest updateMay 17

Description

The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jhv9-pf4q-qvw6: The Red Hat CloudForms Management Engine 52022-05-17
CVEList
CVE-2013-4172: The Red Hat CloudForms Management Engine 52013-08-23

📋Vendor Advisories

1
Red Hat
interface: Ruby code injection2013-08-19

💬Community

1
Bugzilla
CVE-2013-4172 CFME 2.0 web interface: Ruby code injection2013-07-26
CVE-2013-4172 — Code Injection in Redhat | cvebase