Vulnerabilities > Redhat > Cloudforms Management Engine > 5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-27 | CVE-2017-2653 | Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. | 6.5 |
| 2018-07-27 | CVE-2017-15125 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. | 5.4 |
| 2018-07-26 | CVE-2017-2664 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. | 6.5 |
| 2018-07-26 | CVE-2017-7530 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. | 8.8 |
| 2018-01-11 | CVE-2014-0087 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms Management Engine The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | 8.8 |
| 2017-04-21 | CVE-2016-3702 | Information Exposure vulnerability in Redhat Cloudforms Management Engine 5.0 Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | 5.3 |