RedhatCVELIST:CVE-2019-14894CVE-2019-14894
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.8%
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.
CNA Affected
[
{
"product": "CloudForms",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"status": "affected",
"version": "5.11"
}
]
}
]Related
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.8%