CVE-2014-0140
First published: Mon Mar 17 2014(Updated: )
IssueDescription: It was found that Red Hat CloudForms exposed default routes that were reachable via HTTP(S) requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Cloudforms 3.0.1 Management Engine | =5.2.1 | |
| Redhat Cloudforms 3.0.2 Management Engine | =5.2.2 | |
| Redhat Cloudforms 3.0.3 Management Engine | =5.2.3 | |
| Redhat Cloudforms 3.0.4 Management Engine | =5.2.4 | |
| Redhat Cloudforms 3.0.5 Management Engine | <=5.2.5 | |
| Redhat Cloudforms 3.0 Management Engine | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0140
- vendor/redhat
- canonical/redhat cloudforms 3.0.1 management engine
- version/redhat cloudforms 3.0.1 management engine/5.2.1
- canonical/redhat cloudforms 3.0.2 management engine
- version/redhat cloudforms 3.0.2 management engine/5.2.2
- canonical/redhat cloudforms 3.0.3 management engine
- version/redhat cloudforms 3.0.3 management engine/5.2.3
- canonical/redhat cloudforms 3.0.4 management engine
- version/redhat cloudforms 3.0.4 management engine/5.2.4
- canonical/redhat cloudforms 3.0.5 management engine
- version/redhat cloudforms 3.0.5 management engine/5.2.5
- canonical/redhat cloudforms 3.0 management engine
- version/redhat cloudforms 3.0 management engine/5.2