Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Critical: Red Hat Security Advisory: CloudForms 4.7.16 security, bug fix and enhancement update

🗓️ 27 Aug 2020 16:03:08Reported by RedHatType 
redhat
 redhat🔗 access.redhat.com👁 50 Views

Red Hat CloudForms Management Engine - Security, Fix and Enhancement

Related
Refs
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of the CloudForms Management Engine, a software platform for managing virtual environments, arises from the lack of measures taken to eliminate special elements used in the operating system’s command set. This vulnerability allows attackers to execute arbitrary commands.
12 Aug 202000:00
bdu_fstec
BDU FSTEC		The vulnerability of the CloudForms Management Engine, a software platform for managing virtual environments, relates to authentication errors. This vulnerability allows an attacker to create existing or new users for access control based on roles and groups.
12 Aug 202000:00
bdu_fstec
BDU FSTEC		The vulnerability of the CloudForms Management Engine, a software platform for managing virtual environments, related to access control deficiencies, allows attackers to increase their privileges.
12 Aug 202000:00
bdu_fstec
BDU FSTEC		The vulnerability of the CloudForms Management Engine, a software platform for managing virtual environments, stems from deficiencies in its authentication mechanism. This allows attackers to edit widgets that are only intended for reading purposes.
12 Aug 202000:00
bdu_fstec
Circl		CVE-2020-10778
11 Aug 202016:55
circl
Circl		CVE-2020-10783
11 Aug 202016:55
circl
Circl		CVE-2020-14324
11 Aug 202018:55
circl
Circl		CVE-2020-14325
11 Aug 202016:55
circl
CNVD		Red Hat CloudForms Path Traversal Vulnerability
5 Aug 202000:00
cnvd
CNVD		Red Hat CloudForms OS Command Injection Vulnerability
5 Aug 202000:00
cnvd
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Jun 2026 22:44Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.19.1
CVSS 26.5
EPSS0.02515
cloudforms management engineruby on railssecurity fixcommand injectionuser impersonationbusiness logic bypassaccess controlbug fixenhancement updatecve-2020-14324cve-2020-14325cve-2020-10778cve-2020-10783cvss score
50