
20 matches found

Tenable Nessus
added 2025/04/15 12:0 a.m. | 8 views

RHEL 6 : cfme (RHSA-2015:0028)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0028 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

CVSS 10 | AI score 8.2 | EPSS 0.02946
Exploits 0 | References 34
RedHat Linux
added 2018/12/13 3:15 p.m. | 135 views

Important: Red Hat Security Advisory: CloudForms 4.6.6 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 8.8 | AI score 6.7 | EPSS 0.14142
Exploits 1 | References 66
Prion
added 2018/08/22 4:29 p.m. | 17 views

CRLF injection

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...

CVSS 3.3 | AI score 6.5 | EPSS 0.00599
Exploits 0 | References 2 | Affected Software 1
Prion
added 2018/01/11 4:29 p.m. | 19 views

Authorization

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action...

CVSS 6.5 | AI score 7 | EPSS 0.01847
Exploits 0 | References 2 | Affected Software 1
NVD
added 2018/01/11 4:29 p.m. | 22 views

CVE-2014-0087

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action...

CVSS 8.8 | AI score 8.6 | EPSS 0.01847
Exploits 0 | References 2
Cvelist
added 2018/01/11 4:0 p.m. | 27 views

CVE-2014-0087

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action...

AI score 8.6 | EPSS 0.01847
Exploits 0 | References 2
RedhatCVE
added 2017/07/14 9:33 a.m. | 21 views

CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...

CVSS 6.5 | AI score 7.1 | EPSS 0.00599
Exploits 0 | References 3
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Path Traversal

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def...

AI score 7.1
Exploits 0
NVD
added 2014/05/14 7:55 p.m. | 18 views

CVE-2014-0137

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...

CVSS 6.5 | AI score 7.9 | EPSS 0.0143
Exploits 0 | References 1
NVD
added 2014/05/14 7:55 p.m. | 9 views

CVE-2014-0078

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID...

CVSS 4 | AI score 6.3 | EPSS 0.01019
Exploits 0 | References 2
Prion
added 2014/05/14 7:55 p.m. | 22 views

SQL injection

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...

CVSS 6.5 | AI score 8.5 | EPSS 0.0143
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2014/05/14 7:0 p.m. | 28 views

CVE-2014-0137

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...

AI score 7.9 | EPSS 0.0143
Exploits 0 | References 1
CVE
added 2014/05/14 7:0 p.m. | 56 views

CVE-2014-0137

CFME/CloudForms contains an SQL injection in the saved_report_delete action of the ReportController (MiqReportResult.exists) that can be exploited by an authenticated remote user. Affected versions: Red Hat CloudForms Management Engine prior to 5.2.3.2. Reported remediation: upgrade to 5.2.3.2 or...

CVSS 6.5 | AI score 8.2 | EPSS 0.0143
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2014/05/12 6:12 p.m. | 79 views

Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...

CVSS 6.5 | AI score 7.5 | EPSS 0.06666
Exploits 7 | References 13
Exploit DB
added 2013/12/24 12:0 a.m. | 30 views

RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' = %q This module exploits a path traversal...

CVSS 9.4 | AI score 7.4 | EPSS 0.58624
Exploits 4
Packet Storm
added 2013/12/23 12:0 a.m. | 42 views

Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' = %q This module exploits a path traversal...

CVSS 9.4 | AI score 6.7 | EPSS 0.58624
Exploits 4
Metasploit
added 2013/12/09 6:49 p.m. | 60 views

Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection

This module exploits a SQL injection vulnerability in the "explorer" action of "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password. This module...

CVSS 7.5 | AI score 8.2 | EPSS 0.16108
Exploits 3
NVD
added 2013/09/28 7:55 p.m. | 59 views

CVE-2013-2068

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method...

CVSS 9.4 | AI score 6.9 | EPSS 0.58624
Exploits 4 | References 3
Prion
added 2013/09/28 7:55 p.m. | 19 views

Directory traversal

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method...

CVSS 9.4 | AI score 7.4 | EPSS 0.58624
Exploits 4 | References 3 | Affected Software 1
RedHat Linux
added 2013/09/04 6:7 p.m. | 31 views

Critical: Red Hat Security Advisory: Red Hat CloudForms Management Engine security update

The RHSA-2013:1157 update for Red Hat CloudForms Management Engine included an additional fix that was not documented in the erratum. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 9.4 | AI score 6 | EPSS 0.58624
Exploits 4 | References 5