Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2014-3486
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-07 Jul, 2014 | 14:55
Updated At-06 May, 2026 | 22:30

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Red Hat, Inc.
redhat
>>cloudforms_3.0_management_engine>>Versions up to 5.2.4(inclusive)
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>cloudforms_3.0_management_engine>>5.2
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>cloudforms_3.0_management_engine>>5.2.1
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>cloudforms_3.0_management_engine>>5.2.1.6
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>cloudforms_3.0_management_engine>>5.2.2
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>cloudforms_3.0_management_engine>>5.2.3
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>cloudforms_3.0_management_engine>>5.2.3.2
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.3.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2014-0816.htmlsecalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/68300secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1107528secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2014-0816.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/68300af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1107528af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0816.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/68300
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1107528
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0816.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/68300
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1107528
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found