Privilege Escalation via Insecure Send Method in Red Hat CloudForms 3.1 Management Engine (CFME)

Privilege Escalation via Insecure Send Method in Red Hat CloudForms 3.1 Management Engine (CFME)

CVE-2014-3642 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."

Learn more about our Cloud Audit.