Cloudforms Management Engine@4.7 Security Vulnerabilities and Issues — Cloudforms Management Engine@4.7 CVE List

Lucene search

RedhatCloudforms Management Engine4.7

3 matches found

CVE•added 2019/11/22 12:15 p.m.•66 views

CVE-2018-10854

cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.

6.5CVSS5.1AI score0.00261EPSS

CVE•added 2020/08/11 2:15 p.m.•51 views

CVE-2020-10780

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects ...

6.3CVSS6.3AI score0.00401EPSS

CVE•added 2020/08/11 2:15 p.m.•49 views

CVE-2020-14296

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.

7.1CVSS6.8AI score0.00152EPSS