| Max CVSS | 6.9 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-3489 | 4.3 |
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.
|
13-02-2023 - 00:39 | 07-07-2014 - 14:55 | |
| CVE-2014-3486 | 6.9 |
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack
|
13-02-2023 - 00:39 | 07-07-2014 - 14:55 | |
| CVE-2014-0184 | 4.9 |
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
|
13-02-2023 - 00:35 | 07-07-2014 - 14:55 | |
| CVE-2014-0176 | 4.3 |
Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
13-02-2023 - 00:35 | 07-07-2014 - 14:55 | |
| CVE-2014-0180 | 5.0 |
The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors
|
13-02-2023 - 00:35 | 07-07-2014 - 14:55 |