Lucene search
K
RedhatCloudforms 3.0 Management Engine

13 matches found

CVE
CVE
added 2014/03/18 2:0 p.m.91 views

CVE-2014-0057

CVE-2014-0057 affects Red Hat CloudForms Management Engine 5.2 (ServiceController, x_button method). The vulnerability allows remote attackers to invoke arbitrary methods via unsanitized input, enabling potential arbitrary code execution or other impact as described by CVE details (base score 7.5...

7.5CVSS6.6AI score0.01587EPSS
CVE
CVE
added 2014/07/07 2:0 p.m.83 views

CVE-2014-3486

The CVE-2014-3486 entry affects Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2. A local attacker could exploit a symlink attack on a temporary file with a predictable name via two components: the shell_exec function in lib/util/MiqSshUtilV1.rb and the temp_cmd_file function in lib...

6.9CVSS7.2AI score0.00354EPSS
CVE
CVE
added 2014/01/23 1:0 a.m.78 views

CVE-2013-6443

CVE-2013-6443 affects CloudForms 3.0 Management Engine prior to 5.2.1.6, where a GET request for a destructive action could bypass Rails protect_from_forgery and enable CSRF exploitation. The issue arises in the CloudForms web application where CSRF protections could be bypassed, allowing unautho...

6.8CVSS7AI score0.00602EPSS
CVE
CVE
added 2014/07/07 2:0 p.m.67 views

CVE-2014-0180

CVE-2014-0180 affects Red Hat CloudForms 3.0 Management Engine (CFME) before version 5.2.4.2. The wait_for_task() function in app/controllers/application_controller.rb can, under certain conditions, enter an infinite loop, causing sustained CPU usage and a denial of service on the host running CF...

5CVSS6.6AI score0.01832EPSS
CVE
CVE
added 2014/07/07 2:0 p.m.67 views

CVE-2014-0184

CVE-2014-0184 affects Red Hat CloudForms 3.0 CFME; the root password was logged to evm.log during VM deployment, enabling local users to read sensitive credentials. This is a local-privilege exposure stemming from a logging flaw. Impact per sources is sensitive information disclosure (root access...

4.9CVSS5.8AI score0.00403EPSS
CVE
CVE
added 2014/07/07 2:0 p.m.64 views

CVE-2014-0176

CVE-2014-0176 is a cross-site scripting (XSS) flaw in CloudForms 3.0 Management Engine (CFME) prior to 5.2.4.2, affecting the application/panel_control component. The vulnerability allows remote attackers to inject arbitrary web script/HTML via unspecified vectors in CFME. The issue has been ackn...

4.3CVSS5.7AI score0.01429EPSS
CVE
CVE
added 2014/07/07 2:0 p.m.64 views

CVE-2014-3489

CVE-2014-3489 affects Red Hat CloudForms 3.0 Management Engine (CFME); lib/util/miq-password.rb uses a hard-coded salt, enabling easier brute-force guessing of stored passwords by remote attackers. Documented impact: password guessing via brute force; exposure depends on access to stored credenti...

4.3CVSS6.5AI score0.01586EPSS
CVE
CVE
added 2017/10/18 2:0 p.m.60 views

CVE-2014-7813

CVE-2014-7813 affects Red Hat CloudForms 3 Management Engine (CFME). The vulnerability allows remote authenticated users to cause a denial of service (resource consumption) through crafted usage involving Ruby on Rails .to_sym calls and lack of garbage collection for inserted symbols. CVSS metric...

6.5CVSS6.1AI score0.01044EPSS
CVE
CVE
added 2014/05/14 7:0 p.m.57 views

CVE-2014-0137

CFME/CloudForms contains an SQL injection in the saved_report_delete action of the ReportController (MiqReportResult.exists) that can be exploited by an authenticated remote user. Affected versions: Red Hat CloudForms Management Engine prior to 5.2.3.2. Reported remediation: upgrade to 5.2.3.2 or...

6.5CVSS8.2AI score0.0143EPSS
CVE
CVE
added 2014/10/06 2:0 p.m.57 views

CVE-2014-0140

Red Hat CloudForms Management Engine (CFME) prior to 5.3 is affected. An authenticated user could access sensitive controllers and actions via direct HTTP(S) requests, enabling possible privilege escalation. The issue is documented under CVE-2014-0140 and addressed in Red Hat’s RHSA-2014:1317; re...

4CVSS6.4AI score0.0124EPSS
CVE
CVE
added 2014/10/06 2:0 p.m.53 views

CVE-2014-3642

CVE-2014-3642 affects Red Hat CloudForms 3.1 Management Engine (CFME) prior to 5.3. The vulnerability resides in vmdb/app/controllers/application_controller/performance.rb with an insecure send method, allowing remote authenticated users to gain privileges via unspecified vectors (privilege escal...

6.5CVSS6.7AI score0.01285EPSS
CVE
CVE
added 2014/10/27 1:0 a.m.52 views

CVE-2014-0136

CVE-2014-0136 affects Red Hat CloudForms 3.0 Management Engine (CFME) 5.x, where the AgentController’s get and log methods allow remote attackers to insert arbitrary text into log files. The root cause is unsanitized user input written to log files from the AgentController, enabling arbitrary con...

5CVSS6.9AI score0.01567EPSS
CVE
CVE
added 2014/05/14 7:0 p.m.50 views

CVE-2014-0078

The CVE affects Red Hat CloudForms Management Engine (CFME)

4CVSS6.5AI score0.01019EPSS