Scaner-VS
CVE-2014-3642
CVE
Medium


CVSS: 6.0 (Medium)
EPSS: 0.01 (p66)
Published: 2014-01-01
Updated: 2014-01-01
Description

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."

Tags · CWE
CWE-264
CWE-470
CAPEC-138
Affected products
Certmonger, Cfme, Cfme-vnc-plugin, Libdnet, Mod_authnz_pam, Mod_intercept_form_submit, Mod_lookup_identity, Netapp-manageability-sdk, Open-vm-tools, Prince, Pyliblzma, Ruby193-rubygem-platform, Ruby193-rubygem-actionmailer, Ruby193-rubygem-actionpack, Ruby193-rubygem-actionwebservice, Ruby193-rubygem-active_hash, Ruby193-rubygem-activemodel, Ruby193-rubygem-activerecord, Ruby193-rubygem-activeresource, Ruby193-rubygem-activesupport
CVSS vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Timeline
2014-01-01: Published
2014-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV: N): Network (N)
Attack Complexity (AC: M): Medium
Authentication (Au: S): Single
Confidentiality Impact (C: P): Partial
Integrity Impact (I: P): Partial
Availability Impact (A: P): Partial
Exploit indicators
EPSS: 0.013 · p66
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
certmonger | | Tracked
cfme | | Tracked
cfme-vnc-plugin | | Tracked
libdnet | | Tracked
mod_authnz_pam | | Tracked
mod_intercept_form_submit | | Tracked
mod_lookup_identity | | Tracked
netapp-manageability-sdk | | Tracked
open-vm-tools | | Tracked
prince | | Tracked
pyliblzma | | Tracked
ruby193-rubygem-Platform | | Tracked
ruby193-rubygem-actionmailer | | Tracked
ruby193-rubygem-actionpack | | Tracked
ruby193-rubygem-actionwebservice | | Tracked
ruby193-rubygem-active_hash | | Tracked
ruby193-rubygem-activemodel | | Tracked
ruby193-rubygem-activerecord | | Tracked
ruby193-rubygem-activeresource | | Tracked
ruby193-rubygem-activesupport | | Tracked
Showing first 20 of 189
Source databases
CVE
RED