
666 matches found

RedHat Linux
added 2018/11/05 1:58 p.m. | 571 views

Moderate: Red Hat Security Advisory: CloudForms 4.6.5 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.0066
Exploits: 1 | References: 68
RedHat Linux
added 2018/09/26 6:36 p.m. | 4 views

cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root

CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby (DRb) module installed on the system to execute arbitrary shell commands using instance_eval...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.00108
Exploits: 0 | References: 4
RedHat Linux
added 2018/09/26 6:36 p.m. | 40 views

Important: Red Hat Security Advisory: CloudForms 4.5.5 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.93887
Exploits: 2 | References: 28
Prion
added 2018/09/11 1:29 p.m. | 17 views

Design/Logic Flaw

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access...

CVSS: 4 | AI score: 6.8 | EPSS: 0.00328
Exploits: 0 | References: 4 | Affected Software: 2
NVD
added 2018/09/11 1:29 p.m. | 17 views

CVE-2016-7047

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.00328
Exploits: 0 | References: 4
OSV
added 2018/09/11 1:29 p.m. | 1 view

CVE-2016-7047

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00328
Exploits: 0 | References: 4
Cvelist
added 2018/09/11 1:00 p.m. | 18 views

CVE-2016-7047

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.00328
Exploits: 0 | References: 4
CVE
added 2018/09/11 1:00 p.m. | 66 views

CVE-2016-7047

CVE-2016-7047 affects Red Hat CloudForms Management Engine (CloudForms API) before versions 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with MiqReportResults API permission could view data from other tenants or groups, causing information disclosure. Connected Red Hat advisories indicate broader CloudFo...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00328
Exploits: 0 | References: 4 | Affected Software: 2
OSV
added 2018/09/10 3:29 p.m. | 2 views

CVE-2016-7071

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00471
Exploits: 0 | References: 2
Prion
added 2018/09/10 3:29 p.m. | 18 views

Code injection

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

CVSS: 9 | AI score: 7.5 | EPSS: 0.00471
Exploits: 0 | References: 2 | Affected Software: 2
NVD
added 2018/09/10 3:29 p.m. | 15 views

CVE-2016-7071

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

CVSS: 9 | AI score: 8.9 | EPSS: 0.00471
Exploits: 0 | References: 2
CVE
added 2018/09/10 3:00 p.m. | 57 views

CVE-2016-7071

CVE-2016-7071 concerns Red Hat CloudForms/CFME where, prior to updates 5.6.2.2 and 5.7.0.7, permissions were not properly enforced for VM IDs supplied by users. A remote, authenticated attacker could exploit this to execute arbitrary VMs on managed systems if they know the VM ID. The connected R...

CVSS: 9 | AI score: 8.8 | EPSS: 0.00471
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/09/10 3:00 p.m. | 14 views

CVE-2016-7071

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00471
Exploits: 0 | References: 2
RedHat Linux
added 2018/09/04 6:00 p.m. | 46 views

Important: Red Hat Security Advisory: CloudForms 4.6.4 security, bug fix, and enhancement update

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.93887
Exploits: 2 | References: 49
CNVD
added 2018/08/27 12:00 a.m. | 1 view

Red Hat CloudForms Management Engine CRLF Injection Vulnerability

Red Hat CloudForms Management Engine is a management engine for IaaS cloud service solutions. A CRLF injection vulnerability in Ansible Tower for Red Hat CloudForms Management Engine allows remote attackers to submit a special X-Forwarded-For packet header request to obtain sensitive information...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00144
Exploits: 0 | References: 1
OSV
added 2018/08/22 4:29 p.m. | 3 views

CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00144
Exploits: 0 | References: 2
Prion
added 2018/08/22 4:29 p.m. | 15 views

CRLF injection

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...

CVSS: 3.3 | AI score: 6.5 | EPSS: 0.00144
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/08/22 4:00 p.m. | 12 views

CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...

CVSS: 5.2 | AI score: 6.5 | EPSS: 0.00144
Exploits: 0 | References: 2
CVE
added 2018/08/22 4:00 p.m. | 59 views

CVE-2017-7528

CRLF Injection in Ansible Tower shipped with Red Hat CloudForms Management Engine 5 is triggered via the X-Forwarded-For header, allowing internal servers to deploy other systems through a callback mechanism. This mode is documented in CVE-2017-7528; the vulnerability affects the Ansible Tower co...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00144
Exploits: 0 | References: 2 | Affected Software: 2
CNVD
added 2018/08/01 12:00 a.m. | 1 view

Red Hat CloudForms Unauthorized Operation Vulnerability

Red Hat CloudForms is a suite of IaaS (Infrastructure as a Service) cloud service solutions from Red Hat, Inc. The solution creates and manages private and public clouds and has the ability to manage the application lifecycle. A security vulnerability exists in Red Hat CloudForms. An attacker could...

CVSS: 4.3 | AI score: 5 | EPSS: 0.00121
Exploits: 0 | References: 1