{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-10-27T00:57:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:1037", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1037.html"}, {"name": "69233", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69233"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:05:39.026Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:1037", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1037.html"}, {"name": "69233", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69233"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0136", "datePublished": "2014-10-27T01:00:00.000Z", "dateReserved": "2013-12-03T00:00:00.000Z", "dateUpdated": "2024-08-06T09:05:39.026Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "0217FF0A-48CD-47C4-83EE-C59E427C1700", "versionEndIncluding": "5.2.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors."}, {"lang": "es", "value": "Los m\u00e9todos (1) get y (2) log en AgentController en Red Hat CloudForms 3.0 Management Engine (CFME) 5.x permiten a atacantes remotos insertar texto arbitrario en ficheros del registro a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-0136", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-27T01:55:24.157", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1037.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/69233"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1037.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69233"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jan Rusnacko (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2014:1037", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "cfme-0:5.2.5.3-2.el6cf", "product_name": "CloudForms Management Engine 5.x", "release_date": "2014-08-13T00:00:00Z"}], "bugzilla": {"description": "CFME: AgentController get/log application log forging", "id": "1076669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1076669"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-117", "details": ["The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.", "It was found that the get and log methods of the AgentController wrote log messages without sanitizing user input. A remote attacker could use this flaw to insert arbitrary content into the log files written to by AgentController."], "name": "CVE-2014-0136", "public_date": "2014-08-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0136\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0136"], "threat_severity": "Moderate"}

{}