Vulnerabilities > CVE-2020-14296 - Server-Side Request Forgery (SSRF) vulnerability in Redhat Cloudforms Management Engine 4.7/5.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
LOW Availability impact
NONE Summary
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |