Vulnerabilities > Redhat > Cloudforms Management Engine > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-11 | CVE-2020-14296 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. | 7.1 |
2020-06-22 | CVE-2019-14894 | Unspecified vulnerability in Redhat Cloudforms Management Engine 5.10/5.11 A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. | 7.2 |
2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 7.5 |
2019-12-13 | CVE-2014-0197 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine CFME: CSRF protection vulnerability via permissive check of the referrer header | 8.8 |
2018-10-31 | CVE-2016-5402 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine A code injection flaw was found in the way capacity and utilization imported control files are processed. | 8.8 |
2018-09-10 | CVE-2016-7071 | Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. | 8.8 |
2018-07-27 | CVE-2017-2639 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. | 7.5 |
2018-07-26 | CVE-2017-7530 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. | 8.8 |
2018-07-24 | CVE-2018-10905 | OS Command Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. | 7.8 |
2018-05-01 | CVE-2013-2049 | Session Fixation vulnerability in Redhat Cloudforms Management Engine 2.0 Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | 7.5 |