7 matches found
CVE-2014-3536
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2018-10854
CloudForms versions 5.8 and 5.9 are vulnerable to cross-site scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature: a stored cross-site scripting issue due to improper sanitization of user input in the Name field.
CVE-2019-10177
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to malici...
CVE-2017-15123
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
CVE-2014-0197
CFME: CSRF protection vulnerability via permissive check of the referrer header
CVE-2013-6460
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits