Red Hat CloudForms
13 CVEs affecting Red Hat CloudForms. Latest disclosed: 2019-06-12. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-11610 | High | 8.8 | 2017-08-23 | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbi… |
| CVE-2016-4471 | High | 8.8 | 2017-06-08 | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. |
| CVE-2016-5383 | High | 8.8 | 2016-08-26 | The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." |
| CVE-2017-15123 | Medium | 5.3 | 2019-06-12 | A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An atta… |
| CVE-2015-7502 | Medium | 5.1 | 2016-04-11 | Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL… |
| CVE-2014-0057 | | | 2014-03-18 | The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attacke… |
| CVE-2014-0081 | | | 2014-02-20 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3… |
| CVE-2013-6443 | | | 2014-01-23 | CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site reque… |
| CVE-2012-5604 | | | 2013-03-01 | The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authenticatio… |
| CVE-2012-5605 | | | 2013-01-04 | Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache fil… |
| CVE-2012-5603 | | | 2013-01-04 | proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer… |
| CVE-2012-4574 | | | 2013-01-04 | Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading th… |
| CVE-2012-3538 | | | 2013-01-04 | Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by… |