CVE-2014-0136: Input Validation
First published: Mon Oct 27 2014(Updated: )
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat CloudForms Management Engine | <=5.2.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0136?
CVE-2014-0136 has a medium severity rating due to its potential for log manipulation by remote attackers.
How do I fix CVE-2014-0136?
To fix CVE-2014-0136, update Red Hat CloudForms Management Engine to version 5.2.5.3 or later.
What are the potential impacts of CVE-2014-0136?
The potential impacts of CVE-2014-0136 include unauthorized access to log files and the possibility of log injection attacks.
Is CVE-2014-0136 applicable to my version of Red Hat CloudForms?
CVE-2014-0136 affects Red Hat CloudForms 3.0 Management Engine versions up to and including 5.2.5.3.
Can CVE-2014-0136 be exploited remotely?
Yes, CVE-2014-0136 can be exploited remotely by attackers to insert arbitrary text into log files.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat cloudforms management engine
- version/red hat cloudforms management engine/5.2.5.3