Vulnerabilities > Redhat > Cloudforms Management Engine > 4.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-11 | CVE-2020-14324 | OS Command Injection vulnerability in Redhat Cloudforms Management Engine A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. | 6.5 |
| 2020-08-11 | CVE-2020-14296 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. | 5.5 |
| 2020-08-11 | CVE-2020-10780 | Improper Input Validation vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. | 4.9 |
| 2019-11-22 | CVE-2018-10854 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 4.7/5.8/5.9 cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. | 5.4 |
| 2018-09-10 | CVE-2016-7071 | Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. | 8.8 |
| 2018-07-27 | CVE-2017-2632 | Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. | 4.0 |
| 2018-07-27 | CVE-2017-2653 | Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. | 6.5 |
| 2018-07-27 | CVE-2017-15125 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. | 3.5 |
| 2018-07-26 | CVE-2017-2664 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. | 4.0 |
| 2018-07-26 | CVE-2017-7530 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. | 6.5 |