Redhat Cloudforms_management_engine
7 CVEs affecting Redhat Cloudforms_management_engine. Latest disclosed: 2017-06-08. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-7040 | High | 8.8 | 2016-10-07 | Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, wh… |
CVE-2016-4457 | High | 7.5 | 2017-06-08 | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. |
CVE-2016-3702 | Medium | 5.3 | 2017-04-21 | Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. |
CVE-2015-7502 | Medium | 5.1 | 2016-04-11 | Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL… |
CVE-2013-2050 | | 2014-01-11 | SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager… | |
CVE-2013-2068 | | 2013-09-28 | Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite… | |
CVE-2013-4172 | | 2013-08-23 | The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. |