666 matches found
Red Hat CloudForms Management Engine Remote Code Execution Vulnerability
The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. A remote code execution vulnerability exists in Red Hat CFME. An attacker could exploit this vulnerability to execute arbitrary code in the context...
CVE-2016-4471
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code...
CVE-2016-5383
It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms...
Important: Red Hat Security Advisory: CFME 5.6.1 security, bug fix, and enhancement update
An update for cfme is now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CloudForms: Lack of field filters on user input
It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms...
Red Hat CloudForms Management Engine Information Disclosure Vulnerability (CNVD-2016-05110)
The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. An information disclosure vulnerability exists in Red Hat CFME. An attacker could exploit this vulnerability to obtain sensitive information...
Red Hat CloudForms Management Engine Security Bypass Vulnerability
The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. A security bypass vulnerability exists in Red Hat CFME. An attacker could exploit this vulnerability to conduct a man-in-the-middle attack or spoof...
Low: Red Hat Bug Fix Advisory: CFME 5.6.0 bug fixes and enhancement update
Updated cfme packages that fix bugs and add various enhancements are now available for Red Hat CloudForms 4.1. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is buil...
cfme: Privilege escalation causing arbitrary code execution
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code...
CVE-2016-4457
CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key allowing for...
Red Hat CloudForms Management Engine Information Disclosure Vulnerability
Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud service solutions from Red Hat, Inc. A security vulnerability exists in Red Hat CFME versions 5.4.4 (CloudForms version 3.2) and 5.5.0 (CloudForms version 4.0), which stems from the program...
CVE-2015-7502
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports o...
Code injection
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports o...
CVE-2015-7502
Summary: CVE-2015-7502 affects Red Hat CloudForms Management Engine (CFME) 3.2/5.4.4 and CFME 4.0/5.5.0. The issue is improper encryption of data stored in the backend PostgreSQL database, enabling local attackers to access sensitive information by exploiting access to database exports or log fil...
CVE-2015-7502
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports o...
PT-2016-3798 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms 3.2 Management Engine (CFME) version 5.4.4; Red Hat CloudForms 4.0 Management Engine (CFME) version 5.5.0. Description: The issue is related to improper encryption of data in the backend PostgreSQL database. This might allow loca...
(RHSA-2016:0297) Low: Red Hat CloudForms 3.0 - End Of Life Notice
In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0...
RHEL 6 / 7 : Satellite 6.1.5 update (Moderate) (RHSA-2015:2622)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2622 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
CloudForms: insecure password storage in PostgreSQL database
A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain acce...
Moderate: Red Hat Security Advisory: Satellite 6.1.5 bug fix update
Updated Satellite 6.1 packages that fix one security issue, add one enhancement, and fix several bugs are available for Satellite 6.1.5. Red Hat Product Security has rated this update as having Moderate Security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...