Vulnerabilities > CVE-2014-3692 - Credentials Management vulnerability in Redhat Cloudforms 3.1 Management Engine 5.3

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
redhat
CWE-255
NVD
Published: 2015-01-16
Updated: 2023-02-13

Summary

The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.

Vulnerable Configurations

Part Description Count
Application
Redhat
1

Common Weakness Enumeration (CWE)

Redhat

advisories
rhsa
idRHSA-2015:0028
rpms
  • cfme-0:5.3.2.6-1.el6cf
  • cfme-appliance-0:5.3.2.6-1.el6cf
  • cfme-debuginfo-0:5.3.2.6-1.el6cf
  • cfme-lib-0:5.3.2.6-1.el6cf
  • mingw32-cfme-host-0:5.3.2.6-1.el6cf
  • ruby193-rubygem-fog-0:1.19.0-2.el6cf
  • ruby193-rubygem-linux_admin-0:0.9.4-1.el6cf

References