Vulnerabilities > Redhat > Cloudforms Management Engine > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-27 CVE-2019-10177 Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 5.10/5.9
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized.
network
low complexity
redhat CWE-79
6.5
2019-06-12 CVE-2017-15123 Missing Authentication for Critical Function vulnerability in Redhat Cloudforms Management Engine
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only.
network
low complexity
redhat CWE-306
5.3
2018-09-11 CVE-2016-7047 Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2.
network
low complexity
redhat CWE-200
4.3
2018-08-22 CVE-2017-7528 CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection.
low complexity
redhat CWE-93
6.5
2018-07-27 CVE-2017-2632 Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have.
network
low complexity
redhat CWE-863
4.9
2018-07-27 CVE-2017-2653 Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests.
network
low complexity
redhat CWE-20
6.5
2018-07-27 CVE-2017-7497 Unspecified vulnerability in Redhat Cloudforms Management Engine 5.7.2/5.8.0
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user.
network
low complexity
redhat
4.3
2018-07-27 CVE-2017-15125 Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input.
network
low complexity
redhat CWE-79
5.4
2018-07-26 CVE-2017-2664 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms.
network
low complexity
redhat
6.5
2017-04-21 CVE-2016-3702 Information Exposure vulnerability in Redhat Cloudforms Management Engine 5.0
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
network
low complexity
redhat CWE-200
5.3