Vulnerabilities > Redhat > Cloudforms Management Engine > 5.7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-11 | CVE-2020-14324 | OS Command Injection vulnerability in Redhat Cloudforms Management Engine A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. | 6.5 |
| 2019-12-13 | CVE-2014-0197 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine CFME: CSRF protection vulnerability via permissive check of the referrer header | 8.8 |
| 2018-09-11 | CVE-2016-7047 | Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. | 4.3 |
| 2018-07-27 | CVE-2017-2653 | Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. | 6.5 |
| 2018-07-27 | CVE-2017-7497 | Improper Access Control vulnerability in Redhat Cloudforms Management Engine 5.7.2/5.8.0 The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. | 4.3 |
| 2018-07-27 | CVE-2017-15125 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. | 3.5 |
| 2018-07-26 | CVE-2017-2664 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. | 4.0 |
| 2018-07-26 | CVE-2017-7530 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. | 6.5 |