666 matches found
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...
CVE-2014-0057
The x_button method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...
Design/Logic Flaw
The x_button method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...
CVE-2014-0057
The x_button method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...
CVE-2014-0057
CVE-2014-0057 affects Red Hat CloudForms Management Engine 5.2 (ServiceController, x_button method). The vulnerability allows remote attackers to invoke arbitrary methods via unsanitized input, enabling potential arbitrary code execution or other impact as described by CVE details (base score 7.5...
PT-2014-3454 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine version 5.2 Description: The issue allows remote attackers to execute arbitrary methods via unspecified vectors, due to a problem in the x_button method in the ServiceController. Recommendations: For Red H...
CFME: Dangerous send in ServiceController
The x_button method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...
Critical: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...
CVE-2013-6443
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request...
Cross-site request forgery (CSRF)
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request...
CVE-2013-6443
CVE-2013-6443 affects CloudForms 3.0 Management Engine prior to 5.2.1.6, where a GET request for a destructive action could bypass Rails protect_from_forgery and enable CSRF exploitation. The issue arises in the CloudForms web application where CSRF protections could be bypassed, allowing unautho...
CVE-2013-6443
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request...
CFME: GET request CSRF vulnerability
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request...
Moderate: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which giv...
CVE-2013-2050
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile parameter in an explorer action...
SQL injection
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile parameter in an explorer action...
CVE-2013-2050
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile parameter in an explorer action...
CVE-2013-2050
The CVE-2013-2050 issue is a SQL injection vulnerability in the miq_policy controller of Red Hat CloudForms Management Engine (CFME) 5.1 and older, and ManageIQ Enterprise Virtualization Manager 5.0 and older. The vulnerability leverages the explorer action via the profile[] parameter, allowing r...
Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'bcrypt' require 'digest' require 'openssl' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection',...
Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal
This Metasploit module exploits a path traversal vulnerability in the "linuxpkgs" action of "agent" controller of the Red Hat CloudForms Management Engine 5.1 ManageIQ Enterprise Virtualization Manager 5.0 and earlier. It uploads a fake controller to the controllers directory of the Rails...