CVE-2014-0136

CWE-20 — Improper Input Validation CWE-1176 documents5 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 52.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms 3.0 Management Engine

Timeline

PublishedOct 27

Latest updateMay 17

Description

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/cloudforms_3.0_management_engine5.2.5.3

🔴Vulnerability Details

GHSA

GHSA-xf8w-qcq9-6w6f: The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3↗2022-05-17

▶

CVEList

CVE-2014-0136: The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3↗2014-10-27

▶

📋Vendor Advisories

Red Hat

CFME: AgentController get/log application log forging↗2014-08-13

▶

💬Community

Bugzilla

CVE-2014-0136 CFME: AgentController get/log application log forging↗2014-03-14

▶

Bugzilla

CVE-2014-0417 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)↗2014-01-15

▶