Cloudforms Management Engine@5.9 Security Vulnerabilities and Issues — Cloudforms Management Engine@5.9 CVE List

Lucene search

RedhatCloudforms Management Engine5.9

3 matches found

CVE•added 2018/07/24 1:29 p.m.•86 views

CVE-2018-10905

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

7.8CVSS7.3AI score0.00127EPSS

CVE•added 2019/11/22 12:15 p.m.•66 views

CVE-2018-10854

cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.

6.5CVSS5.1AI score0.00261EPSS

CVE•added 2019/06/27 9:15 p.m.•64 views

CVE-2019-10177

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could lead to malici...

6.5CVSS6.2AI score0.004EPSS