Vulnerability Description
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms Management Engine | 5.1 |
| Redhat | Manageiq Enterprise Virtualization Manager | <= 5.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txtExploit
- http://secunia.com/advisories/56181
- http://www.securityfocus.com/bid/64524Exploit
- https://bugzilla.redhat.com/show_bug.cgi?id=959062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89984
- http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txtExploit
- http://secunia.com/advisories/56181
- http://www.securityfocus.com/bid/64524Exploit
- https://bugzilla.redhat.com/show_bug.cgi?id=959062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89984
FAQ
What is CVE-2013-2050?
CVE-2013-2050 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticat...
How severe is CVE-2013-2050?
CVE-2013-2050 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2050?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms Management Engine, Redhat Manageiq Enterprise Virtualization Manager.