666 matches found

CNVD
added 2016/12/02 12:0 a.m., 2 views

Red Hat CloudForms Management Engine Remote Code Execution Vulnerability (CNVD-2016-11916)

The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. A remote code execution vulnerability exists in Red Hat CFME. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS: 9 | AI score: 8.4 | EPSS: 0.02877
Exploits: 0 | References: 1

RedHat Linux
added 2016/11/30 7:51 p.m., 43 views

Important: Red Hat Security Advisory: CFME 5.6.3 security, bug fix, and enhancement update

An update is now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS: 9 | AI score: 7.6 | EPSS: 0.02877
Exploits: 0 | References: 83

RedHat Linux
added 2016/11/30 7:51 p.m., 1 views

cfme: RCE via Capacity & Utilization feature

A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as...

CVSS: 9 | AI score: 6.1 | EPSS: 0.02877
Exploits: 0 | References: 4

CNVD
added 2016/11/10 12:0 a.m., 1 views

Red Hat CloudForms Denial of Service Vulnerability

Red Hat CloudForms is a suite of IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. The solution creates and manages private and public clouds and has the ability to manage the application lifecycle. A denial of service vulnerability exists in Red Hat CloudForms. A remot...

CVSS: 9 | AI score: 7.4 | EPSS: 0.00471
Exploits: 0 | References: 1

RedhatCVE
added 2016/10/20 5:17 p.m., 22 views

CVE-2016-7071

It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

CVSS: 9 | AI score: 6.8 | EPSS: 0.00471
Exploits: 0 | References: 1

RedHat Linux
added 2016/10/20 2:14 p.m., 36 views

Important: Red Hat Security Advisory: CFME 5.6.2.2 security, and bug fix update

An update for cfme is now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 9 | AI score: 7.6 | EPSS: 0.00471
Exploits: 0 | References: 4

RedHat Linux
added 2016/10/20 2:14 p.m., 0 views

CFME: bypass authorization by altering VM ID

It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

CVSS: 9 | AI score: 6 | EPSS: 0.00471
Exploits: 0 | References: 4

CNVD
added 2016/10/12 12:0 a.m., 3 views

Red Hat CloudForms Management Engine Arbitrary Command Execution Vulnerability

The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. An arbitrary command execution vulnerability exists in Red Hat CFME version 4.1, which can be exploited by remote attackers to execute arbitrary...

CVSS: 9 | AI score: 7.8 | EPSS: 0.00641
Exploits: 0 | References: 1

OSV
added 2016/10/07 2:59 p.m., 3 views

CVE-2016-7040

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00641
Exploits: 0 | References: 2

NVD
added 2016/10/07 2:59 p.m., 16 views

CVE-2016-7040

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...

CVSS: 9 | AI score: 8.9 | EPSS: 0.00641
Exploits: 0 | References: 2

Prion
added 2016/10/07 2:59 p.m., 14 views

Design/Logic Flaw

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...

CVSS: 9 | AI score: 7.7 | EPSS: 0.00641
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2016/10/07 2:0 p.m., 57 views

CVE-2016-7040

CVE-2016-7040 affects Red Hat CloudForms Management Engine (CFME) 4.1. An input-validation flaw in how CFME handles regular expressions passed to the expression engine via the JSON API and the web UI allows remote authenticated users to execute arbitrary shell commands by viewing/filtering collect...

CVSS: 9 | AI score: 8.8 | EPSS: 0.00641
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2016/10/07 2:0 p.m., 19 views

CVE-2016-7040

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...

AI score: 8.9 | EPSS: 0.00641
Exploits: 0 | References: 2

RedhatCVE
added 2016/10/04 5:17 p.m., 26 views

CVE-2016-7040

An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via both the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the...

CVSS: 9 | AI score: 2.5 | EPSS: 0.00641
Exploits: 0 | References: 1

RedHat Linux
added 2016/10/04 2:26 p.m., 2 views

cfme: Incorrect sanitization in regular expression engine

An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via both the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the...

CVSS: 9 | AI score: 6.1 | EPSS: 0.00641
Exploits: 0 | References: 4

OSV
added 2016/08/26 2:59 p.m., 5 views

CVE-2016-5383

The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."...

CVSS: 8.8 | AI score: 8.6
Exploits: 0 | References: 2

NVD
added 2016/08/26 2:59 p.m., 14 views

CVE-2016-5383

The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01452
Exploits: 0 | References: 2

Prion
added 2016/08/26 2:59 p.m., 19 views

Code injection

The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."...

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.01452
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2016/08/26 2:0 p.m., 18 views

CVE-2016-5383

The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."...

AI score: 8.7 | EPSS: 0.01452
Exploits: 0 | References: 2

CVE
added 2016/08/26 2:0 p.m., 67 views

CVE-2016-5383

The CVE-2016-5383 issue affects Red Hat CloudForms Management Engine (CFME) 4.1, where the web UI did not properly filter input in certain fields, allowing remote authenticated attackers to execute arbitrary code on the host. Root cause: insufficient input filtering (listed as “Lack of field filt...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01452
Exploits: 0 | References: 2 | Affected Software: 1