Vulnerabilities > CVE-2020-14296 - Server-Side Request Forgery (SSRF) vulnerability in Redhat Cloudforms Management Engine 4.7/5.0

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

redhat

CWE-918

NVD

Published: 2020-08-11

Updated: 2020-08-12

Summary

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Cloudforms Management Engine 4.7 Redhat Cloudforms Management Engine 5.0	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://access.redhat.com/security/cve/cve-2020-14296
https://bugzilla.redhat.com/show_bug.cgi?id=1847860