Unrated severityNVD Advisory· Published May 14, 2014· Updated May 6, 2026

CVE-2014-0078

Description

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

Affected products

Red Hat/Cloudforms 3.0 Management Engine4 versions
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*range: <=5.2.3
- cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2014-0469.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000