RHEL 7 : Red Hat CloudForms (RHSA-2018:0374)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0374 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does n...
RHEL 7 : CloudForms 4.6.2 update (Important) (RHSA-2018:1328)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1328 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
RHEL 7 : CloudForms 4.7.5 (RHSA-2019:1429)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1429 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
SUSE CVE-2017-7530
In CloudForms Management Engine cfme before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...
RHEL 8 : CloudForms 5.0.3 (RHSA-2020:0588)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0588 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...
RHEL 7 : CloudForms 4.7.15 (RHSA-2020:0589)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0589 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...
CVE-2014-8164
An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x...
Default configuration
An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x...
CVE-2014-8164
CVE-2014-8164 describes an insecure certificate verification configuration (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) that may enable verification bypass in Red Hat CloudForms 5.x. The connected documents corroborate that the issue affects the CloudForms Management Engine and related componen...
Red Hat CloudForms Management Engine trust management issue vulnerability
The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure-as-a-Service) cloud service solutions from Red Hat, USA. A security vulnerability exists in the Red Hat CloudForms Management Engine that stems from an insecure configuration of certificate validation...
GHSA-5XV2-Q475-RWRH Katello uses hard coded credential
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
Katello uses hard coded credential
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
GHSA-9WHH-582R-589H ldap_fluff authentication bypass
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...
ldap_fluff authentication bypass
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...
CVE-2020-25716
A flaw was found in CloudForms. A role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest...
Design/Logic Flaw
A flaw was found in CloudForms. A role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest...
CVE-2020-25716
CVE-2020-25716 affects CloudForms (CFME) prior to version 5.11.10.1, enabling a role-based privilege escalation via export/import of administrator files by a user in a specific group. The flaw stems from an incomplete fix for CVE-2020-10783 and can compromise data confidentiality and integrity; t...