Cloudforms@4.7 Security Vulnerabilities and Issues — Cloudforms@4.7 CVE List

Lucene search

RedhatCloudforms4.7

10 matches found

CVE•added 2019/04/20 12:29 a.m.•2191 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.02394EPSS

CVE•added 2019/03/27 2:29 p.m.•302 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2,

7.5CVSS8.3AI score0.94309EPSS

CVE•added 2019/03/27 2:29 p.m.•248 views

CVE-2019-5419

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2,

7.8CVSS8.1AI score0.09057EPSS

CVE•added 2018/05/31 7:29 p.m.•240 views

CVE-2018-11627

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

6.1CVSS5.8AI score0.00395EPSS

CVE•added 2019/09/25 10:15 p.m.•133 views

CVE-2019-16892

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

7.1CVSS5.3AI score0.00235EPSS

CVE•added 2019/06/14 2:29 p.m.•96 views

CVE-2019-10159

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

4.3CVSS4.4AI score0.00215EPSS

CVE•added 2020/08/11 1:15 p.m.•84 views

CVE-2020-10778

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.

6.5CVSS5.8AI score0.0036EPSS

CVE•added 2020/08/11 1:15 p.m.•81 views

CVE-2020-10783

Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.

8.3CVSS8AI score0.00351EPSS

CVE•added 2020/08/11 1:15 p.m.•62 views

CVE-2020-10777

A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.

5.4CVSS5.1AI score0.00325EPSS

CVE•added 2020/08/11 1:15 p.m.•52 views

CVE-2020-10779

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.

6.5CVSS6.5AI score0.0018EPSS