RedhatCloudforms Management Engine*

8 matches found

CVE
added 2020/08/11 1:19 p.m. | 99 views

CVE-2020-14324

CVE-2020-14324 affects Red Hat CloudForms (cfme) and is described as an Out-of-band OS Command Injection via the conversion host during Infrastructure Migration. Impact: authenticated attacker can execute arbitrary commands on the CloudForms server. Affected software includes CloudForms before 5....

CVSS 9.1 | AI score 9.3 | EPSS 0.02515
CVE
added 2018/07/27 3:0 p.m. | 91 views

CVE-2017-15125

CloudForms is affected by CVE-2017-15125 due to a stored XSS flaw in the self-service UI snapshot feature where the name field is not properly sanitized for HTML/JavaScript input. An attacker could exploit this to execute a stored XSS attack against an application administrator; CSP mitigates the...

CVSS 6.5 | AI score 5.2 | EPSS 0.00934
CVE
added 2018/07/27 7:0 p.m. | 74 views

CVE-2017-2632

CVE-2017-2632 affects Red Hat CloudForms Management Engine (CFME) where a logic error in valid_role() could let a tenant administrator create groups with higher privileges. Technical details across connected sources show the issue exists in CFME versions prior to the fixed releases (e.g., CFME 5....

CVSS 4.9 | AI score 5 | EPSS 0.01472
CVE
added 2018/07/26 1:0 p.m. | 69 views

CVE-2017-7530

CVE-2017-7530 affects CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1, where privilege checks can be bypassed when API users trigger arbitrary methods via VMs filtered by MiqExpression. This could let an attacker perform disallowed actions (e.g., destroying VMs). The i...

CVSS 8.8 | AI score 8.8 | EPSS 0.01703
CVE
added 2018/07/26 2:0 p.m. | 66 views

CVE-2017-2664

CloudForms Management Engine (cfme) is affected by CVE-2017-2664. The issue is a lack of RBAC controls on certain methods in the Rails application, enabling privilege escalation for an attacker with access. Affected versions are cfme before 5.7.3 and 5.8.x before 5.8.1. Red Hat advisories RHSA-20...

CVSS 6.5 | AI score 6.4 | EPSS 0.01319
CVE
added 2018/09/10 3:0 p.m. | 61 views

CVE-2016-7071

CVE-2016-7071 concerns Red Hat CloudForms/CFME where, prior to updates 5.6.2.2 and 5.7.0.7, permissions were not properly enforced for VM IDs supplied by users. A remote, authenticated attacker could exploit this to execute arbitrary VMs on managed systems if they know the VM ID. The connected R...

CVSS 9 | AI score 8.8 | EPSS 0.02197
CVE
added 2018/07/27 6:0 p.m. | 61 views

CVE-2017-2653

CVE-2017-2653 affects Red Hat CloudForms Management Engine (CFME) and components cfme, cfme-appliance, and cfme-gemset on Red Hat Enterprise Linux 7. Unused delete routes could be reachable via GET requests, bypassing CSRF protection and enabling route usage, potentially in conjunction with addit...

CVSS 6.5 | AI score 6.1 | EPSS 0.01387
CVE
added 2018/01/11 4:0 p.m. | 56 views

CVE-2014-0087

Affected product: ManageIQ / Red Hat CloudForms Management Engine (CFME). Issue: The check_privileges method in vmdb/app/controllers/application_controller.rb allows remote authenticated users to bypass authorization by exploiting improper RBAC checking, specifically related to the rbac_user_edit...

CVSS 8.8 | AI score 8.5 | EPSS 0.01847