CVE-2014-0078

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
14/05/2014
Last modified:
12/04/2025

Description

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:* 5.2.3 (including)
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*