What is CVE-2013-2050?

CVE-2013-2050 is a vulnerability in Redhat Cloudforms_management_engine, classified under SQL Injection. Published 2014-01-11.

Is CVE-2013-2050 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Redhat Cloudforms_management_engine

CVE-2013-2050

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL comma…

Vulnerability class: SQL Injection

EPSS: 0.542 (98.1th percentile) — read the EPSS interpretation.

Affected products

Redhat Cloudforms_management_engine — versions 5.1
Redhat Manageiq_enterprise_virtualization_manager
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

secalert@redhat.com (Exploit, x_refsource_MISC)
56181 (x_refsource_SECUNIA, third-party-advisory)
64524 (Exploit, vdb-entry, x_refsource_BID)
cloudforms-cve20132050-sql-injection(89984) (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2013-2050?: CVE-2013-2050 is a vulnerability in Redhat Cloudforms_management_engine, classified under SQL Injection. Published 2014-01-11.
Is CVE-2013-2050 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.