Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/cfme@5.2.4.2-1?arch=el6cf
purl pkg:rpm/redhat/cfme@5.2.4.2-1?arch=el6cf
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-35rt-t6e1-pfa6
Aliases:
CVE-2014-0130
GHSA-6x85-j5j2-27jx
Directory Traversal Vulnerability With Certain Route Configurations The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server. There are no reported fixed by versions.
VCID-9p4g-4z1t-jfca
Aliases:
CVE-2014-0184
CFME: root password is written to evm.log when entered during VM provisioning There are no reported fixed by versions.
VCID-enjr-t724-c3g2
Aliases:
CVE-2014-0176
CFME: reflected XSS in several places due to missing JavaScript escaping There are no reported fixed by versions.
VCID-g74c-dmyc-8khb
Aliases:
CVE-2014-0197
CFME: CSRF protection vulnerability in referrer header There are no reported fixed by versions.
VCID-p2th-zbdt-uqbs
Aliases:
CVE-2014-0180
CFME: app/controllers/application_controller.rb wait_for_task DoS There are no reported fixed by versions.
VCID-qt97-y6q8-6qdh
Aliases:
CVE-2014-3486
CFME: SSH Utility insecure tmp file creation leading to code execution as root There are no reported fixed by versions.
VCID-ux9r-1v3d-bqgy
Aliases:
CVE-2014-3489
CFME: Default salt value in miq-password.rb There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:47:55.804054+00:00 RedHat Importer Affected by VCID-35rt-t6e1-pfa6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json 38.0.0
2026-04-01T14:47:34.877509+00:00 RedHat Importer Affected by VCID-ux9r-1v3d-bqgy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3489.json 38.0.0
2026-04-01T14:47:34.839410+00:00 RedHat Importer Affected by VCID-qt97-y6q8-6qdh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3486.json 38.0.0
2026-04-01T14:47:34.780703+00:00 RedHat Importer Affected by VCID-g74c-dmyc-8khb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0197.json 38.0.0
2026-04-01T14:47:34.742786+00:00 RedHat Importer Affected by VCID-9p4g-4z1t-jfca https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0184.json 38.0.0
2026-04-01T14:47:34.707744+00:00 RedHat Importer Affected by VCID-p2th-zbdt-uqbs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0180.json 38.0.0
2026-04-01T14:47:34.671679+00:00 RedHat Importer Affected by VCID-enjr-t724-c3g2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0176.json 38.0.0