666 matches found
CVE-2018-10905
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user...
CVE-2018-10905
CVE-2018-10905 affects Red Hat CloudForms Management Engine (cfme) via an improper access control in the dRuby (DRb) component. A local attacker with access to an unprivileged shell can execute arbitrary commands as a highly privileged user (root). The issue is documented across Red Hat advisorie...
Important: Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update
An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
PT-2018-3011 · Red Hat · Cloudforms
Name of the Vulnerable Software and Affected Versions: CloudForms versions 5.8 through 5.9. Description: A flaw was found in CloudForms's v2v infrastructure mapping delete feature, allowing for a stored cross-site scripting attack due to improper sanitization of user input in the Name field. The...
Red Hat CloudForms 2 Management Engine Tampering Vulnerability
Red Hat CloudForms 2 Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud service solutions from Red Hat, Inc. A security vulnerability exists in Red Hat CFME. A remote attacker could exploit the vulnerability to tamper with a session by using a static...
CVE-2018-1117
Due to a missing no_log directive, the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosed admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation...
Important: Red Hat Security Advisory: CloudForms 4.6.2 bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Code injection
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret...
CVE-2013-2049
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret...
CVE-2013-2049
CFME/Red Hat CloudForms 2 Management Engine is affected by a vulnerability caused by a static secret_token.rb secret, enabling remote attackers to tamper with sessions. Based on provided sources, the impact is session integrity (high for CVSS3) with network access and no authentication; CVSS2/3 base s...
Red Hat CloudForms Management Engine Design Vulnerability
The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. A security vulnerability exists in the CloudForms account configuration in Red Hat CFME. An attacker could use the vulnerability to view and change...
Moderate: Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update
An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
cloudforms: XSS in self-service UI snapshot feature
A flaw was found in CloudForms in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP Content Securi...
CVE-2017-12191
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMware Remote Console) functions that may not be appropriate for users of CloudForms and thus this account. An attacker could use this vulnerability t...
Design/Logic Flaw
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMware Remote Console) functions that may not be appropriate for users of CloudForms and thus this account. An attacker could use this vulnerability t...
Important: Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update
An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CFME: VMRC plugin console grants users administrative access
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMware Remote Console) functions that may not be appropriate for users of CloudForms and thus this account. An attacker could use this vulnerability t...
CVE-2017-12191
The CVE-2017-12191 entry describes a CloudForms/VMware issue where the CloudForms account configuration uses a shared, privileged account for VMRC functions. This flaw allows attackers to view and modify VMRC settings and the controlled virtual machines. Red Hat RHSA-2018:0374 documents a securi...