Vulnerabilities > Redhat > Cloudforms Management Engine

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2014-8164 Improper Certificate Validation vulnerability in Redhat Cloudforms Management Engine 5.0
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.
network
low complexity
redhat CWE-295
critical
9.1
2020-08-11 CVE-2020-14324 OS Command Injection vulnerability in Redhat Cloudforms Management Engine
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0.
network
low complexity
redhat CWE-78
critical
9.1
2020-08-11 CVE-2020-14296 Server-Side Request Forgery (SSRF) vulnerability in Redhat Cloudforms Management Engine 4.7/5.0
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw.
network
low complexity
redhat CWE-918
7.1
2020-08-11 CVE-2020-10780 Improper Neutralization of Formula Elements in a CSV File vulnerability in Redhat Cloudforms Management Engine 4.7/5.0
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel.
network
low complexity
redhat CWE-1236
6.3
2020-06-22 CVE-2019-14894 Unspecified vulnerability in Redhat Cloudforms Management Engine 5.10/5.11
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup.
network
low complexity
redhat
7.2
2020-03-31 CVE-2019-14905 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices.
local
low complexity
redhat fedoraproject opensuse CWE-668
5.6
2020-03-16 CVE-2020-1740 A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files.
local
high complexity
redhat debian fedoraproject
4.7
2020-03-16 CVE-2020-1738 Argument Injection or Modification vulnerability in Redhat products
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified.
local
high complexity
redhat CWE-88
3.9
2020-03-16 CVE-2020-1736 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified.
local
low complexity
redhat fedoraproject CWE-732
3.3
2020-03-16 CVE-2020-1735 A flaw was found in the Ansible Engine when the fetch module is used.
local
low complexity
redhat debian fedoraproject
4.6