CVE-2020-25716
A flaw was found in Cloudforms. A role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to the system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest...
PT-2021-11172 · Red Hat · Cloudforms
Name of the Vulnerable Software and Affected Versions: Cloudforms versions prior to 5.11.10.1. Description: A role-based privilege escalation flaw exists, allowing the export or import of administrator files. This enables an attacker with a specific group to perform actions restricted to system...
RHEL 8 : CloudForms 5.0.10 (RHSA-2020:5554)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5554 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...
Vulnerability fixed in Cloudforms
Red Hat has fixed a vulnerability in CloudForms Management Engine. Due to a flaw in role-based authorization, an authorized malicious person is able to execute commands with administrator privileges, or gain access to sensitive data. This vulnerability was previously reported as the vulnerability...
Important: Red Hat Security Advisory: CloudForms 5.0.10 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Cloudforms: Incomplete fix for CVE-2020-10783
A flaw was found in Cloudforms. A role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to the system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest...
Red Hat CloudForms Cross-Site Request Forgery Vulnerability
Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. Red Hat CloudForms suffers from a cross-site request forgery...
CVE-2020-14369
This release fixes a Cross-Site Request Forgery vulnerability found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forged HTTP request to the server by crafting custom flash fi...
CVE-2020-14369
This release fixes a Cross-Site Request Forgery vulnerability found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forged HTTP request to the server by crafting custom flash fi...
Cross-site request forgery (CSRF)
This release fixes a Cross-Site Request Forgery vulnerability found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forged HTTP request to the server by crafting custom flash fi...
CVE-2020-14369
CVE-2020-14369 is a CSRF issue affecting Red Hat CloudForms (CFME) via the cfme-gemset API notifications. The vulnerability allows an attacker to coerce an authenticated user into performing state-changing actions by forged HTTP requests, for example provisioning VMs or running Ansible playbooks,...
CVE-2020-14369
This release fixes a Cross-Site Request Forgery vulnerability found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forged HTTP request to the server by crafting custom flash fi...
CVE-2020-25716
A flaw was found in Cloudforms. A role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to the system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest...
Red Hat CloudForms Security Vulnerability
Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides users with deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. Cloudforms has a security vulnerability that can be...
Information Disclosure
CloudForms is vulnerable to information disclosure. User passwords are stored in a recoverable format, allowing an attacker to obtain the passwords in cleartext...
CloudForms: Cross Site Request Forgery in API notifications
This release fixes a Cross-Site Request Forgery vulnerability found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forged HTTP request to the server by crafting custom flash fi...
Moderate: Red Hat Security Advisory: CloudForms 5.0.8 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
RHEL 8 : CloudForms 5.0.8 (RHSA-2020:4134)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4134 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...
CloudForms: Business logic bypass through widgets
A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields...
CloudForms: User Impersonation in the API for OIDC and SAML
A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request...