Vulnerabilities > CVE-2020-14296 - Server-Side Request Forgery (SSRF) vulnerability in Redhat Cloudforms Management Engine 4.7/5.0

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
LOW
Availability impact
NONE
network
low complexity
redhat
CWE-918

Summary

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.

Vulnerable Configurations

Part Description Count
Application
Redhat
2

Common Weakness Enumeration (CWE)