VYPR

Cloudforms 3.1 Management Engine

by Red Hat

CVEs (3)

  • CVE-2014-7814Jan 16, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.

  • CVE-2014-3692Jan 16, 2015
    risk 0.00cvss epss 0.03

    The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.

  • CVE-2014-3642Oct 6, 2014
    risk 0.00cvss epss 0.01

    vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."