exploitDog

CVE-2014-0140

Published: 02 Oct 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.

It was found that Red Hat CloudForms exposed default routes that were reachable via HTTP(S) requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation.

Additional information

Status: Moderate
Defect: CWE-749
https://bugzilla.redhat.com/show_bug.cgi?id=1077359 (CFME: default routes expose controllers and actions)

EPSS

Percentile: 39%
0.00171
Low

4.3 Medium

CVSS2

Related vulnerabilities

nvd
more than 11 years ago

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.

github
more than 3 years ago

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
