Veracode Vulnerability DatabaseVERACODE:11573Insecure Defaults
0.005 Low
EPSS
Percentile
77.0%
cfme is vulnerable to insecure defaults. The vulnerability exists as the customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.
References
rhn.redhat.com/errata/RHSA-2015-0028.html
secunia.com/advisories/62255
access.redhat.com/documentation/en-US/CloudForms/3.1/html/Management_Engine_5.3_Technical_Notes/index.html
access.redhat.com/errata/RHSA-2015:0028
access.redhat.com/security/cve/CVE-2014-3692
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1145304
bugzilla.redhat.com/show_bug.cgi?id=1151258
bugzilla.redhat.com/show_bug.cgi?id=1161265
bugzilla.redhat.com/show_bug.cgi?id=1161761
bugzilla.redhat.com/show_bug.cgi?id=1162725
bugzilla.redhat.com/show_bug.cgi?id=1163384
bugzilla.redhat.com/show_bug.cgi?id=1163875
bugzilla.redhat.com/show_bug.cgi?id=1164034
bugzilla.redhat.com/show_bug.cgi?id=1164035
bugzilla.redhat.com/show_bug.cgi?id=1164036
bugzilla.redhat.com/show_bug.cgi?id=1165305
bugzilla.redhat.com/show_bug.cgi?id=1166214
bugzilla.redhat.com/show_bug.cgi?id=1166215
bugzilla.redhat.com/show_bug.cgi?id=1166286
bugzilla.redhat.com/show_bug.cgi?id=1166290
bugzilla.redhat.com/show_bug.cgi?id=1168336
bugzilla.redhat.com/show_bug.cgi?id=1168384
bugzilla.redhat.com/show_bug.cgi?id=1168564
bugzilla.redhat.com/show_bug.cgi?id=1170320
bugzilla.redhat.com/show_bug.cgi?id=1170682
bugzilla.redhat.com/show_bug.cgi?id=1170794
bugzilla.redhat.com/show_bug.cgi?id=1171343
bugzilla.redhat.com/show_bug.cgi?id=1171346
bugzilla.redhat.com/show_bug.cgi?id=1171821
bugzilla.redhat.com/show_bug.cgi?id=1171899
bugzilla.redhat.com/show_bug.cgi?id=1172491
bugzilla.redhat.com/show_bug.cgi?id=1179957
bugzilla.redhat.com/show_bug.cgi?id=1179959
rhn.redhat.com/errata/RHSA-2015-0028.html
Related
