CVE-2019-14894 - Unspecified vulnerability in Redhat Cloudforms Management Engine 5.10/5.11

CVSS 7.2 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

A flaw was found in CloudForms management engine versions 5.10 and 5.11 that allows remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.

Vulnerable Configurations

Part: Application
Description: Redhat
Count: 2

Redhat

rpms
  • cfme-0:5.11.3.1-1.el8cf
  • cfme-amazon-smartstate-0:5.11.3.1-1.el8cf
  • cfme-appliance-0:5.11.3.1-1.el8cf
  • cfme-appliance-common-0:5.11.3.1-1.el8cf
  • cfme-appliance-tools-0:5.11.3.1-1.el8cf
  • cfme-gemset-0:5.11.3.1-1.el8cf
  • cfme-0:5.10.15.1-1.el7cf
  • cfme-amazon-smartstate-0:5.10.15.1-1.el7cf
  • cfme-appliance-0:5.10.15.1-1.el7cf
  • cfme-appliance-common-0:5.10.15.1-1.el7cf
  • cfme-appliance-debuginfo-0:5.10.15.1-1.el7cf
  • cfme-appliance-tools-0:5.10.15.1-1.el7cf
  • cfme-debuginfo-0:5.10.15.1-1.el7cf
  • cfme-gemset-0:5.10.15.1-1.el7cf
  • cfme-gemset-debuginfo-0:5.10.15.1-1.el7cf