Vulnerabilities > Redhat > Cloudforms Management Engine > 5.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-11 | CVE-2020-14324 | OS Command Injection vulnerability in Redhat Cloudforms Management Engine A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. | 6.5 |
| 2019-12-13 | CVE-2014-0197 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine CFME: CSRF protection vulnerability via permissive check of the referrer header | 8.8 |
| 2019-11-22 | CVE-2018-10854 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 4.7/5.8/5.9 cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. | 5.4 |
| 2019-06-12 | CVE-2017-15123 | Missing Authentication for Critical Function vulnerability in Redhat Cloudforms Management Engine A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. | 5.0 |
| 2018-09-11 | CVE-2016-7047 | Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. | 4.3 |
| 2018-07-27 | CVE-2017-15125 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. | 3.5 |
| 2018-07-27 | CVE-2017-2639 | Improper Certificate Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. | 7.5 |
| 2018-07-26 | CVE-2017-2664 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. | 4.0 |
| 2018-07-24 | CVE-2018-10905 | OS Command Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. | 7.2 |