Vulnerability Description
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker to execute arbitrary commands on the CloudForms server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms Management Engine | < 5.11.7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2020-14324 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1855713 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2020-14324?
CVE-2020-14324 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker whil...
How severe is CVE-2020-14324?
CVE-2020-14324 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14324?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms Management Engine.