CVE-2014-0087

CWE-264CWE-2855 documents5 sources
Severity
8.8HIGH
EPSS
0.3%
top 42.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Cloudforms Management Engine
Timeline
PublishedJan 11
Latest updateMay 14

Description

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

šŸ”“Vulnerability Details

2
GHSA
GHSA-662v-625c-j7qp: The check_privileges method in vmdb/app/controllers/application_controllerā†—2022-05-14
ā–¶
CVEList
CVE-2014-0087: The check_privileges method in vmdb/app/controllers/application_controllerā†—2018-01-11
ā–¶

šŸ“‹Vendor Advisories

1
Red Hat
CFME: check_privileges logic error resulting in privilege escalationā†—2015-02-04
ā–¶

šŸ’¬Community

1
Bugzilla
CVE-2014-0087 CFME: check_privileges logic error resulting in privilege escalationā†—2014-02-20
ā–¶
CVE-2014-0087 (HIGH CVSS 8.8) | The check_privileges method in vmdb | cvebase.io