Vulnerabilities > Redhat > Cloudforms Management Engine > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-11 | CVE-2014-0087 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms Management Engine The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | 8.8 |
2017-06-08 | CVE-2016-4457 | Cryptographic Issues vulnerability in Redhat Cloudforms Management Engine 5.7 CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | 7.5 |
2016-10-07 | CVE-2016-7040 | Improper Access Control vulnerability in Redhat Cloudforms Management Engine 4.1 Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. | 8.8 |