RCE in Redhat Cloudforms

CVE-2014-0057

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.007 (72.5th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References