Vulnerabilities > Redhat > Cloudforms > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-07 | CVE-2020-25716 | Unspecified vulnerability in Redhat Cloudforms A flaw was found in Cloudforms. | 8.1 |
| 2020-12-02 | CVE-2020-14369 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. | 6.8 |
| 2020-08-11 | CVE-2020-14325 | Incorrect Authorization vulnerability in Redhat Cloudforms Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. | 6.4 |
| 2017-06-08 | CVE-2016-4471 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | 6.5 |
| 2016-04-11 | CVE-2015-7502 | Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | 5.1 |