Vulnerabilities > Redhat > Cloudforms Management Engine > 5.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-11	CVE-2020-1733	Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. local high complexity redhat fedoraproject debian CWE-362	5.0
2020-02-19	CVE-2012-6685	XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks network low complexity nokogiri redhat CWE-776	7.5
2020-01-02	CVE-2019-14864	Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. network low complexity redhat debian opensuse	6.5
2019-12-15	CVE-2014-3536	Information Exposure Through Log Files vulnerability in Redhat Cloudforms Management Engine 5.0 CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration local low complexity redhat CWE-532	5.5
2019-12-13	CVE-2014-0197	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine CFME: CSRF protection vulnerability via permissive check of the referrer header network low complexity redhat CWE-352	8.8
2019-11-05	CVE-2013-6461	XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits network low complexity nokogiri debian redhat CWE-776	6.5
2019-11-05	CVE-2013-6460	XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents network low complexity nokogiri debian redhat CWE-776	6.5
2018-09-10	CVE-2016-7071	Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. network low complexity redhat CWE-285	8.8
2018-08-22	CVE-2017-7528	CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. low complexity redhat CWE-93	6.5
2018-07-27	CVE-2017-2632	Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. network low complexity redhat CWE-863	4.9

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.