CVE-2019-14894
HIGHCloudForms Management Engine 5.10-5.11 - Authenticated Remote Code Execution via NFS Schedule Backup
Title source: llmDescription
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14894
Scores
CVSS v3
8.0
EPSS
0.0248
EPSS Percentile
85.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
CWE-20
Status
published
Products (2)
redhat/cloudforms_management_engine
5.10
redhat/cloudforms_management_engine
5.11
Published
Jun 22, 2020
Tracked Since
Feb 18, 2026