{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-01-16T15:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "62255", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62255"}, {"name": "RHSA-2015:0028", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:18.336Z"}, "title": "CVE Program Container", "references": [{"name": "62255", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62255"}, {"name": "RHSA-2015:0028", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3692", "datePublished": "2015-01-16T16:00:00.000Z", "dateReserved": "2014-05-14T00:00:00.000Z", "dateUpdated": "2024-08-06T10:50:18.336Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_3.1_management_engine:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "460F3BE0-E25A-412D-8D90-456B865A7F0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges."}, {"lang": "es", "value": "La plantilla customization en Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 utiliza una contrase\u00f1a por defecto para la cuenta de root cuando no se especifca una contrase\u00f1a para una imagen nueva, lo que permite a atacantes remotos ganar privilegios."}], "id": "CVE-2014-3692", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-16T16:59:01.813", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62255"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Red Hat CloudForms Team.", "affected_release": [{"advisory": "RHSA-2015:0028", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "cfme-0:5.3.2.6-1.el6cf", "product_name": "CloudForms Management Engine 5.3", "release_date": "2015-01-14T00:00:00Z"}, {"advisory": "RHSA-2015:0028", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby193-rubygem-fog-0:1.19.0-2.el6cf", "product_name": "CloudForms Management Engine 5.3", "release_date": "2015-01-14T00:00:00Z"}, {"advisory": "RHSA-2015:0028", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5::el6", "package": "ruby193-rubygem-linux_admin-0:0.9.4-1.el6cf", "product_name": "CloudForms Management Engine 5.3", "release_date": "2015-01-14T00:00:00Z"}], "bugzilla": {"description": "CFME: default fallback password in customization_templates.yml", "id": "1151258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151258"}, "csaw": false, "cvss": {"cvss_base_score": "3.8", "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:N/A:N", "status": "verified"}, "cwe": "CWE-798", "details": ["The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.", "It was found that the CloudForms Management Engine customization template used a default root password for newly created images if no root password was specified."], "name": "CVE-2014-3692", "public_date": "2014-10-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3692\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3692"], "threat_severity": "Low"}

{}