Vulnerability in Redhat Cloudforms_3.0_management_engine
CVE-2014-3486
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a syml…
EPSS: 0.002 (38.9th percentile) — read the EPSS interpretation.
Affected products
- Redhat Cloudforms_3.0_management_engine — versions 5.2, 5.2.1, 5.2.1.6
- N/a — versions n/a
Weakness classification (CWE)
References
- 68300 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2014:0816 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)