CVE-2014-3692

Published: Jan 16, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.

Affected (1)

Products: Redhat: Cloudforms 3.1 Management Engine

Redhat

1 product

Cloudforms 3.1 Management Engine

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms 3.1 Management Engine	Version 5.3

Related CWEs

CWE-255

References (4)

http://rhn.redhat.com/errata/RHSA-2015-0028.html

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/62255

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0028.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/62255

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.