Vulnerabilities > Redhat > Cloudforms Management Engine > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-01-11 | CVE-2014-0087 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms Management Engine | The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | network; low complexity; redhat; CWE-264; 8.8 |
| 2017-06-08 | CVE-2016-4457 | Cryptographic Issues vulnerability in Redhat Cloudforms Management Engine 5.7 | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | network; low complexity; redhat; CWE-310; 7.5 |
| 2016-10-07 | CVE-2016-7040 | Improper Access Control vulnerability in Redhat Cloudforms Management Engine 4.1 | Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. | network; low complexity; redhat; CWE-284; 8.8 |