
666 matches found

RedHat Linux
added 2020/08/27 4:3 p.m. · 1 view

CloudForms: Out-of-band OS Command Injection through conversion host

An out-of-band OS command injection vulnerability was found in Red Hat CloudForms. An authenticated malicious attacker could execute arbitrary commands on the server by sending a specially crafted request. The highest threat from this vulnerability is to data confidentiality and integrity as well...

CVSS 9.1 · AI score 6 · EPSS 0.01756
Exploits 0 · References 4
RedHat Linux
added 2020/08/27 4:3 p.m. · 46 views

Critical: Red Hat Security Advisory: CloudForms 4.7.16 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.1 · AI score 6.8 · EPSS 0.01756
Exploits 0 · References 7
RedHat Linux
added 2020/08/27 4:3 p.m. · 1 view

CloudForms: Missing access control leads to escalation of admin group privileges

A role-based privilege escalation flaw was found in Red Hat CloudForms where export or import of administrator files was possible. An attacker in the EVM-Operator group can perform actions restricted to the system administrator. Refer to CVE-2020-25716 for the remaining RBAC group fixes...

CVSS 8.3 · AI score 5.8 · EPSS 0.00351
Exploits 0 · References 4
Tenable Nessus
added 2020/08/27 12:0 a.m. · 30 views

RHEL 7 : CloudForms 4.7.16 (RHSA-2020:3574)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3574 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

CVSS 9.1 · AI score 7.1 · EPSS 0.01756
Exploits 0 · References 13
RedhatCVE
added 2020/08/24 4:48 p.m. · 25 views

CVE-2020-14369

This release fixes a Cross Site Request Forgery vulnerability found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which they are currently authenticated. An attacker can make a forged HTTP request to the server by crafting custom flash fi...

CVSS 6.3 · AI score 1 · EPSS 0.00115
Exploits 0 · References 3
OSV
added 2020/08/11 2:15 p.m. · 1 view

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 are affected by a CSV Injection flaw: a crafted payload stays dormant until a victim exports as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not a flaw that affect...

CVSS 6.3 · AI score 5.8 · EPSS 0.00401
Exploits 0 · References 2
NVD
added 2020/08/11 2:15 p.m. · 19 views

CVE-2020-14324

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker t...

CVSS 9.1 · AI score 9.4 · EPSS 0.01756
Exploits 0 · References 2
NVD
added 2020/08/11 2:15 p.m. · 19 views

CVE-2020-14296

Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible...

CVSS 7.1 · AI score 7.5 · EPSS 0.00152
Exploits 0 · References 2
OSV
added 2020/08/11 2:15 p.m. · 1 view

CVE-2020-14324

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker t...

CVSS 9.1 · AI score 7.5 · EPSS 0.01756
Exploits 0 · References 2
OSV
added 2020/08/11 2:15 p.m. · 1 view

CVE-2020-14296

Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible...

CVSS 7.1 · AI score 7.1 · EPSS 0.00152
Exploits 0 · References 2
NVD
added 2020/08/11 2:15 p.m. · 11 views

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 are affected by a CSV Injection flaw: a crafted payload stays dormant until a victim exports as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not a flaw that affect...

CVSS 6.3 · AI score 7 · EPSS 0.00401
Exploits 0 · References 2
Prion
added 2020/08/11 2:15 p.m. · 14 views

Input validation

Red Hat CloudForms 4.7 and 5 are affected by a CSV Injection flaw: a crafted payload stays dormant until a victim exports as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not a flaw that affect...

CVSS 4.9 · AI score 6.7 · EPSS 0.00401
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/08/11 2:15 p.m. · 11 views

Server-side request forgery (SSRF)

Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible...

CVSS 5.5 · AI score 7 · EPSS 0.00152
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/08/11 2:15 p.m. · 14 views

Command injection

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker t...

CVSS 6.5 · AI score 9.4 · EPSS 0.01756
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/08/11 1:32 p.m. · 18 views

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 are affected by a CSV Injection flaw: a crafted payload stays dormant until a victim exports as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not a flaw that affect...

AI score 7 · EPSS 0.00401
Exploits 0 · References 2
CVE
added 2020/08/11 1:32 p.m. · 60 views

CVE-2020-10780

CVE-2020-10780 affects Red Hat CloudForms 4.7 and 5, where a CSV Injection flaw in Orchestration Templates can be triggered when a crafted CSV is exported and opened in Excel. The underlying issue is loosely validated parameters allowing CSV formulae to execute after the file is opened, enabling ...

CVSS 6.3 · AI score 6.3 · EPSS 0.00401
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/08/11 1:19 p.m. · 20 views

CVE-2020-14324

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker t...

AI score 9.4 · EPSS 0.01756
Exploits 0 · References 2
CVE
added 2020/08/11 1:19 p.m. · 90 views

CVE-2020-14324

CVE-2020-14324 affects Red Hat CloudForms (cfme) and is described as an Out-of-band OS Command Injection via the conversion host during Infrastructure Migration. Impact: authenticated attacker can execute arbitrary commands on the CloudForms server. Affected software includes CloudForms before 5....

CVSS 9.1 · AI score 9.3 · EPSS 0.01756
Exploits 0 · References 2 · Affected Software 1
OSV
added 2020/08/11 1:15 p.m. · 0 views

CVE-2020-10783

Red Hat CloudForms 4.7 and 5 are affected by a role-based privilege escalation flaw. An attacker in the EVM-Operator group can perform actions restricted to the EVM-Super-administrator group, leading to exporting or importing administrator files...

CVSS 8.3 · AI score 5.8 · EPSS 0.00351
Exploits 0 · References 2
NVD
added 2020/08/11 1:15 p.m. · 17 views

CVE-2020-10778

In Red Hat CloudForms 4.7 and 5, read-only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields, since there is no server-side validation. This business logic flaw violates the expected behavior...

CVSS 6.5 · AI score 7.5 · EPSS 0.0036
Exploits 0 · References 2