Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cloudforms Security Vulnerabilities

cve
cve

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects ...

6.3CVSS

6.3AI Score

0.001EPSS

2020-08-11 02:15 PM
30
cve
cve

CVE-2020-10783

Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.

8.3CVSS

8AI Score

0.001EPSS

2020-08-11 01:15 PM
62
cve
cve

CVE-2020-14296

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.

7.1CVSS

6.8AI Score

0.001EPSS

2020-08-11 02:15 PM
30
cve
cve

CVE-2020-14324

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to ...

9.1CVSS

9.3AI Score

0.001EPSS

2020-08-11 02:15 PM
64
cve
cve

CVE-2020-14325

Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform an...

9.1CVSS

9.1AI Score

0.002EPSS

2020-08-11 01:15 PM
35
cve
cve

CVE-2020-14369

This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file...

6.3CVSS

6.4AI Score

0.001EPSS

2020-12-02 03:15 PM
35
cve
cve

CVE-2020-25716

A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest t...

8.1CVSS

8AI Score

0.001EPSS

2021-06-07 09:15 PM
70
4
Total number of security vulnerabilities57