CVE-2014-3692

{"id": "CVE-2014-3692", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-16T16:59:01.813", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/62255", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges."}, {"lang": "es", "value": "La plantilla customization en Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 utiliza una contrase\u00f1a por defecto para la cuenta de root cuando no se especifca una contrase\u00f1a para una imagen nueva, lo que permite a atacantes remotos ganar privilegios."}], "lastModified": "2023-02-13T00:42:12.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_3.1_management_engine:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "460F3BE0-E25A-412D-8D90-456B865A7F0B"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}