The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2014-0078 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 4 |
---|---|
Base Metrics | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
CloudForms Management Engine 5.4 (cfme) | RHSA-2014:0469 | 2014-05-12 |