CFME: SSH Utility insecure tmp file creation leading to code execution as root
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name...
CFME: app/controllers/application_controller.rb wait_for_task DoS
The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors...
CFME: Default salt value in miq-password.rb
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix several security issues, multiple bugs, and add one enhancement are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...
CFME: root password is written to evm.log when entered during VM provisioning
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file...
CFME: reflected XSS in several places due to missing JavaScript escaping
Cross-site scripting (XSS) vulnerability in application/panelcontrol in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0078
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID...
CVE-2014-0137
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...
SQL injection
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...
Code injection
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID...
CVE-2014-0078
The CVE affects Red Hat CloudForms Management Engine (CFME)
CVE-2014-0137
CFME/CloudForms contains an SQL injection in the saved_report_delete action of the ReportController (MiqReportResult.exists) that can be exploited by an authenticated remote user. Affected versions: Red Hat CloudForms Management Engine prior to 5.2.3.2. Reported remediation: upgrade to 5.2.3.2 or...
Red Hat CloudForms AgentController Directory Traversal (CVE-2013-2068)
A directory traversal vulnerability has been reported in Red Hat CloudForms. This vulnerability is due to improper sanitization of the "filename" GET parameter passed to the "linuxpkgs" method of the AgentController. A remote unauthenticated attacker can exploit this vulnerability by sending...
Red Hat CloudForms Management Engine SQL Injection (CVE-2013-2050)
An SQL injection has been reported in Red Hat CloudForms Management Engine. The vulnerability is due to improper sanitization of the profile parameter in the "explorer" action of the "miq_policy" controller. A remote attacker can exploit this vulnerability via the profile parameter in an explorer action...
PT-2014-3495 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine (CFME) versions prior to 5.2.3.2. Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is related to the MiqReportResult.exists function in the ReportController...
PT-2014-3466 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine (CFME) versions prior to 5.2.3.2. Description: The issue allows remote authenticated users to delete arbitrary catalogs by guessing the catalog ID, specifically targeting the CatalogController. Recommendation...
CFME: multiple authorization bypass vulnerabilities in CatalogController
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID...
CFME: ReportController SQL injection
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...