PT-2014-3494 · Red Hat · Red Hat Cloudforms
Published: 2014-10-27 · Updated: 2023-02-13 · CVE-2014-0136
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat CloudForms 3.0 Management Engine (CFME) version 5.x
Description
The issue concerns the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME), where the get and log methods allow remote attackers to insert arbitrary text into log files.
Recommendations
For version 5.x, consider restricting access to the AgentController to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the log method in the AgentController to prevent arbitrary text insertion into log files.
Fix
RCE
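The weakness class described above (untrusted text reaching a log file unmodified), shown with the hardened form beside it. This is an added example, not CloudForms code and not taken from the advisory; `neutralize`, `write_entry`, `captured_lines` and the sample value are constructed for illustration.

```ruby
require "stringio"

# Hypothetical helper (not CFME code): make untrusted text safe to embed in a
# single log line. The backslash is escaped as well, so that escaped output
# cannot be confused with text the client sent literally.
def neutralize(untrusted, max_len = 200)
  text = untrusted.to_s.scrub("?")
  text = text.gsub(/[\\\x00-\x1f\x7f]/) do |c|
    c == "\\" ? "\\\\" : format("\\x%02x", c.ord)
  end
  text.length > max_len ? "#{text[0, max_len]}...[truncated]" : text
end

# Hypothetical log writer: one call is meant to produce exactly one line.
def write_entry(io, severity, message)
  io.write("#{severity} #{message}\n")
end

# Run a block against an in-memory log and return the resulting lines.
def captured_lines
  io = StringIO.new
  yield io
  io.string.lines.map(&:chomp)
end

# Constructed sample: a client-supplied value containing a line break.
SAMPLE = "heartbeat ok\nERROR database unreachable"

# Before: the value is interpolated as-is and the log gains a second line
# that did not come from the application.
NAIVE_LINES = captured_lines { |io| write_entry(io, "INFO", "agent: #{SAMPLE}") }

# After: the same value stays inside the entry it belongs to.
HARDENED_LINES = captured_lines do |io|
  write_entry(io, "INFO", "agent: #{neutralize(SAMPLE)}")
end

puts NAIVE_LINES.length     # 2
puts HARDENED_LINES.length  # 1
puts HARDENED_LINES.first
```

When reviewing existing logs, an entry whose source request carried CR or LF in a logged parameter is the signal to compare against the web server's access log for the same request.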
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Cloudforms