CVE-2014-0136

Published: Oct 27, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.

Affected (1)

Products: Redhat: Cloudforms 3.0 Management Engine

Redhat

1 product

Cloudforms 3.0 Management Engine

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms 3.0 Management Engine	Up to 5.2.5.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://rhn.redhat.com/errata/RHSA-2014-1037.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/69233

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1037.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/69233

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.