Cloudforms 3.1 Management Engine
by Red Hat
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-7814 | 0.00 | — | 0.01 | Jan 16, 2015 | SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | |||
| CVE-2014-3692 | 0.00 | — | 0.03 | Jan 16, 2015 | The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges. | |||
| CVE-2014-3642 | 0.00 | — | 0.01 | Oct 6, 2014 | vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method." |
- CVE-2014-7814Jan 16, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.
- CVE-2014-3692Jan 16, 2015risk 0.00cvss —epss 0.03
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.
- CVE-2014-3642Oct 6, 2014risk 0.00cvss —epss 0.01
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."