Vulnerabilities > CVE-2014-0184 - Credentials Management vulnerability in Redhat Cloudforms 3.0 Management Engine

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

redhat

CWE-255

NVD

Published: 2014-07-07

Updated: 2023-02-13

Summary

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Cloudforms 3.0 Management Engine 5.2.1 Redhat Cloudforms 3.0 Management Engine - Redhat Cloudforms 3.0 Management Engine 5.2 Redhat Cloudforms 3.0 Management Engine 5.2.1.6 Redhat Cloudforms 3.0 Management Engine 5.2.2 Redhat Cloudforms 3.0 Management Engine 5.2.3 Redhat Cloudforms 3.0 Management Engine 5.2.3.2 Redhat Cloudforms 3.0 Management Engine 5.2.4	8

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Redhat

advisories

rhsa

id	RHSA-2014:0816

rpms

cfme-0:5.2.4.2-1.el6cf
cfme-appliance-0:5.2.4.2-1.el6cf
cfme-debuginfo-0:5.2.4.2-1.el6cf
cfme-lib-0:5.2.4.2-1.el6cf
mingw32-cfme-host-0:5.2.4.2-1.el6cf
ruby193-rubygem-actionpack-1:3.2.13-8.el6cf

References

http://rhn.redhat.com/errata/RHSA-2014-0816.html