CVE-2014-0140

CWE-264 CWE-7495 documents5 sources

Severity

4.0MEDIUM

EPSS

0.2%

top 61.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms 3.0.5 Management Engine Redhat Cloudforms 3.0.1 Management Engine Redhat Cloudforms 3.0.2 Management Engine +3 more

Timeline

PublishedOct 6

Latest updateMay 17

Description

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages6 packages

▶NVDredhat/cloudforms_3.0.5_management_engine5.2.5

▶NVDredhat/cloudforms_3.0_management_engine5.2

▶NVDredhat/cloudforms_3.0.1_management_engine5.2.1

▶NVDredhat/cloudforms_3.0.2_management_engine5.2.2

▶NVDredhat/cloudforms_3.0.3_management_engine5.2.3

🔴Vulnerability Details

GHSA

GHSA-97hc-8rcf-x5ph: Red Hat CloudForms 3↗2022-05-17

▶

CVEList

CVE-2014-0140: Red Hat CloudForms 3↗2014-10-06

▶

📋Vendor Advisories

Red Hat

CFME: default routes expose controllers and actions↗2014-10-02

▶

💬Community

Bugzilla

CVE-2014-0140 CFME: default routes expose controllers and actions↗2014-03-17

▶