CVE-2014-0184

CWE-255 CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 67.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms 3.0 Management Engine

Timeline

PublishedJul 7

Latest updateMay 17

Description

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

▶NVDredhat/cloudforms_3.0_management_engine5.2.4+6

🔴Vulnerability Details

GHSA

GHSA-jm4h-7jwg-289v: Red Hat CloudForms 3↗2022-05-17

▶

CVEList

CVE-2014-0184: Red Hat CloudForms 3↗2014-07-07

▶

📋Vendor Advisories

Red Hat

CFME: root password is written to evm.log when entered during VM provisioning↗2014-06-30

▶

💬Community

Bugzilla

CVE-2014-0184 CFME: root password is written to evm.log when entered during VM provisioning↗2014-04-18

▶