History: Jan 14, 2015 - 7:31 p.m.

(RHSA-2015:0028) Important: cfme security, bug fix, and enhancement update

2015-01-14 19:31:39
access.redhat.com

EPSS: 0.005 Low (percentile: 77.0%)

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

It was found that CloudForms Management Engine exposed SQL filters via the
REST API without any input escaping. An authenticated user could use this
flaw to perform SQL injection attacks against the CloudForms Management
Engine database. (CVE-2014-7814)
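
The flaw class described above, as an added Ruby example that is not CloudForms code: an unescaped filter pasted into SQL text, next to a version that allowlists the attribute and operator and passes the value as a bind parameter. The `attr<op>value` filter syntax, the `vms` table and the column names are assumptions made for this illustration.

```ruby
# Added illustration, not CloudForms Management Engine code.
# Assumed for the example: "attr<op>value" filter syntax, table "vms", columns below.
ALLOWED_COLUMNS = %w[name vendor power_state].freeze
OPERATORS = { "=" => "=", "!=" => "<>", ">=" => ">=", "<=" => "<=",
              ">" => ">", "<" => "<" }.freeze
FILTER_RE = /\A([a-z_]+)(!=|>=|<=|=|>|<)(.*)\z/m

class InvalidFilter < ArgumentError; end

# Unsafe pattern: client-supplied filter text becomes part of the SQL statement.
def unsafe_where(filters)
  "SELECT * FROM vms WHERE " + filters.join(" AND ")
end

# Hardened pattern: returns [sql, binds]. Only allowlisted identifiers reach the
# SQL text; every value is handed to the database driver as a bind parameter.
def safe_where(filters)
  clauses = []
  binds = []
  filters.each do |filter|
    m = FILTER_RE.match(filter.to_s)
    raise InvalidFilter, "malformed filter" unless m
    column, op, value = m.captures
    unless ALLOWED_COLUMNS.include?(column)
      raise InvalidFilter, "unknown attribute #{column.inspect}"
    end
    clauses << "#{column} #{OPERATORS.fetch(op)} ?"
    binds << value
  end
  sql = "SELECT * FROM vms"
  sql += " WHERE " + clauses.join(" AND ") unless clauses.empty?
  [sql, binds]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a value containing a quote and SQL keywords.
  sample = ["name=x' OR vendor='y", "power_state!=off"]
  puts unsafe_where(sample)      # quote in the value changes the statement
  sql, binds = safe_where(sample)
  puts sql                       # statement text is fixed
  p binds                        # value stays data
end
```

With ActiveRecord, the returned pair maps onto `where(sql_fragment, *binds)`; the allowlist is still needed because bind parameters cannot carry column names or operators.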

It was found that the CloudForms Management Engine customization template
used a default root password for newly created images if no root password
was specified. (CVE-2014-3692)

These issues were discovered by the Red Hat CloudForms Team.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes
document linked to in the References section.

All cfme users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.
