Improper input validation in Redhat Cloudforms_3.0_management_engine

CVE-2014-0136

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (47.8th percentile) — read the EPSS interpretation.

Affected products

Redhat Cloudforms_3.0_management_engine
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

RHSA-2014:1037 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
69233 (vdb-entry, x_refsource_BID)