DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2020-25716 Unspecified vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network
low complexity
redhat
8.1
2020-12-02 CVE-2020-14369 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms
This release fixes a Cross-Site Request Forgery vulnerability found in Red Hat CloudForms that forces end users to execute unwanted actions on a web application in which the user is currently authenticated.
network
redhat CWE-352
6.8
2020-08-11 CVE-2020-14325 Incorrect Authorization vulnerability in Redhat Cloudforms
Red Hat CloudForms before 5.11.7.0 was vulnerable to a User Impersonation authorization flaw that allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles.
network
low complexity
redhat CWE-863
6.4
2017-06-08 CVE-2016-4471 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
network
low complexity
redhat CWE-264
6.5
2013-01-04 CVE-2012-5605 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms 1.0
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
local
low complexity
redhat CWE-264
2.1
2013-01-04 CVE-2012-5603 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms 1.0
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
network
low complexity
redhat CWE-264
5.5
2013-01-04 CVE-2012-4574 Credentials Management vulnerability in Redhat Cloudforms 1.0
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
local
low complexity
redhat CWE-255
2.1
2013-01-04 CVE-2012-3538 Credentials Management vulnerability in Redhat Cloudforms 1.0
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
low complexity
redhat CWE-255
3.3