Vulnerability Details CVE-2019-14894
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 9.0
References
Products affected by CVE-2019-14894
-
cpe:2.3:a:redhat:cloudforms_management_engine:5.10
-
cpe:2.3:a:redhat:cloudforms_management_engine:5.11