CVE-2014-0078

CWE-264 CWE-862 — Missing Authorization5 documents5 sources

Severity

4.0MEDIUM

EPSS

0.6%

top 30.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms 3.0 Management Engine

Timeline

PublishedMay 14

Latest updateMay 17

Description

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/cloudforms_3.0_management_engine5.2.3+3

🔴Vulnerability Details

GHSA

GHSA-fxwq-pp2x-ch5j: The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5↗2022-05-17

▶

CVEList

CVE-2014-0078: The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5↗2014-05-14

▶

📋Vendor Advisories

Red Hat

CFME: multiple authorization bypass vulnerabilities in CatalogController↗2014-05-12

▶

💬Community

Bugzilla

CVE-2014-0078 CFME: multiple authorization bypass vulnerabilities in CatalogController↗2014-02-12

▶