Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cloudforms Security Vulnerabilities - 2013

cve
cve

CVE-2012-3538

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.

6.1AI Score

0.001EPSS

2013-01-04 10:55 PM
28
cve
cve

CVE-2012-4574

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.

6.3AI Score

0.0004EPSS

2013-01-04 10:55 PM
30
cve
cve

CVE-2012-5603

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.

6.2AI Score

0.002EPSS

2013-01-04 10:55 PM
32
cve
cve

CVE-2012-5604

The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.

7AI Score

0.001EPSS

2013-03-01 05:40 AM
44
cve
cve

CVE-2012-5605

Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.

6.2AI Score

0.0004EPSS

2013-01-04 10:55 PM
28