Vulnerabilities > Redhat > Cloudforms > 3.0

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2020-25716 Unspecified vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network
low complexity
redhat
8.1
2020-12-02 CVE-2020-14369 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated.
network
low complexity
redhat CWE-352
6.3
2020-08-11 CVE-2020-14325 Unspecified vulnerability in Redhat Cloudforms
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles.
network
low complexity
redhat
critical
9.1
2019-12-13 CVE-2014-0197 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CFME: CSRF protection vulnerability via permissive check of the referrer header
network
low complexity
redhat CWE-352
8.8
2019-11-04 CVE-2013-4423 Insufficiently Protected Credentials vulnerability in Redhat Cloudforms 3.0
CloudForms stores user passwords in recoverable format
local
low complexity
redhat CWE-522
5.5
2019-11-01 CVE-2013-0186 Cross-site Scripting vulnerability in Redhat products
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1
2017-06-08 CVE-2016-4471 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
network
low complexity
redhat CWE-264
8.8