Vulnerabilities > Redhat > Cloudforms

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2020-25716 Unspecified vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network
low complexity
redhat
8.1
2020-12-02 CVE-2020-14369 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated.
network
low complexity
redhat CWE-352
6.3
2020-08-11 CVE-2020-14325 Unspecified vulnerability in Redhat Cloudforms
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles.
network
low complexity
redhat
critical
9.1
2020-08-11 CVE-2020-10783 Unspecified vulnerability in Redhat Cloudforms 4.7/5.0.0
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw.
network
low complexity
redhat
8.3
2020-08-11 CVE-2020-10779 Authorization Bypass Through User-Controlled Key vulnerability in Redhat Cloudforms 4.7/5.0.0
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check.
network
low complexity
redhat CWE-639
6.5
2020-08-11 CVE-2020-10778 Incorrect Resource Transfer Between Spheres vulnerability in Redhat Cloudforms 4.7/5.0.0
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation.
network
low complexity
redhat CWE-669
6.0
2020-08-11 CVE-2020-10777 Cross-site Scripting vulnerability in Redhat Cloudforms 4.7/5.0.0
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5.
network
low complexity
redhat CWE-79
5.4
2019-12-13 CVE-2014-0197 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CFME: CSRF protection vulnerability via permissive check of the referrer header
network
low complexity
redhat CWE-352
8.8
2019-11-04 CVE-2013-4423 Insufficiently Protected Credentials vulnerability in Redhat Cloudforms 3.0
CloudForms stores user passwords in recoverable format
local
low complexity
redhat CWE-522
5.5
2019-11-01 CVE-2013-0186 Cross-site Scripting vulnerability in Redhat products
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1