Vulnerabilities > Redhat > Cloudforms Management Engine

DATE CVE VULNERABILITY TITLE RISK
2019-06-12 CVE-2017-15123 Missing Authentication for Critical Function vulnerability in Redhat Cloudforms Management Engine
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only.
network
low complexity
redhat CWE-306
5.3
2018-10-31 CVE-2016-5402 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A code injection flaw was found in the way capacity and utilization imported control files are processed.
network
low complexity
redhat
8.8
2018-09-11 CVE-2016-7047 Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2.
network
low complexity
redhat CWE-200
4.3
2018-09-10 CVE-2016-7071 Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users.
network
low complexity
redhat CWE-285
8.8
2018-08-22 CVE-2017-7528 CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection.
low complexity
redhat CWE-93
6.5
2018-07-27 CVE-2017-2632 Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have.
network
low complexity
redhat CWE-863
4.9
2018-07-27 CVE-2017-2653 Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests.
network
low complexity
redhat CWE-20
6.5
2018-07-27 CVE-2017-7497 Unspecified vulnerability in Redhat Cloudforms Management Engine 5.7.2/5.8.0
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user.
network
low complexity
redhat
4.3
2018-07-27 CVE-2017-15125 Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input.
network
low complexity
redhat CWE-79
5.4
2018-07-27 CVE-2017-2639 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift.
network
low complexity
redhat
7.5