CVE-2014-3642

CWE-264 CWE-470 CWE-200 — Information Exposure6 documents6 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 40.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms 3.0.5 Management Engine Redhat Cloudforms 3.0.1 Management Engine Redhat Cloudforms 3.0.2 Management Engine +3 more

Timeline

PublishedOct 6

Latest updateMay 17

Description

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages6 packages

▶NVDredhat/cloudforms_3.0.5_management_engine5.2.5

▶NVDredhat/cloudforms_3.0_management_engine5.2

▶NVDredhat/cloudforms_3.0.1_management_engine5.2.1

▶NVDredhat/cloudforms_3.0.2_management_engine5.2.2

▶NVDredhat/cloudforms_3.0.3_management_engine5.2.3

🔴Vulnerability Details

GHSA

GHSA-xjwp-9jvp-98jf: vmdb/app/controllers/application_controller/performance↗2022-05-17

▶

CVEList

CVE-2014-3642: vmdb/app/controllers/application_controller/performance↗2014-10-06

▶

📋Vendor Advisories

Citrix

CVE-2015-3642: The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x be↗2017-08-02

▶

Red Hat

CFME: dangerous send method in performance.rb↗2014-10-02

▶

💬Community

Bugzilla

CVE-2014-3642 CFME: dangerous send method in performance.rb↗2014-04-30

▶