CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0087

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2014-0087

Redhat » Cloudforms Management Engine » Version: N/A

cpe:2.3:a:redhat:cloudforms_management_engine:-
Redhat » Cloudforms Management Engine » Version: 2.0

cpe:2.3:a:redhat:cloudforms_management_engine:2.0
Redhat » Cloudforms Management Engine » Version: 4.1

cpe:2.3:a:redhat:cloudforms_management_engine:4.1
Redhat » Cloudforms Management Engine » Version: 4.7

cpe:2.3:a:redhat:cloudforms_management_engine:4.7
Redhat » Cloudforms Management Engine » Version: 5.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.0
Redhat » Cloudforms Management Engine » Version: 5.1

cpe:2.3:a:redhat:cloudforms_management_engine:5.1
Redhat » Cloudforms Management Engine » Version: 5.2

cpe:2.3:a:redhat:cloudforms_management_engine:5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0087

Products

Pricing

Contact Us