Vulnerabilities > Redhat > Cloudforms > 4.5

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2020-25716 Unspecified vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network
low complexity
redhat
8.1
2020-12-02 CVE-2020-14369 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms
This release fixes a Cross-Site Request Forgery vulnerability found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated.
network
redhat CWE-352
6.8
2020-08-11 CVE-2020-14325 Incorrect Authorization vulnerability in Redhat Cloudforms
Red Hat CloudForms before 5.11.7.0 was vulnerable to a User Impersonation authorization flaw which allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles.
network
low complexity
redhat CWE-863
6.4
2018-09-11 CVE-2016-7047 Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2.
network
low complexity
redhat CWE-200
4.3
2018-07-27 CVE-2017-12148 Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories.
network
low complexity
redhat CWE-20
critical
9.0
2018-07-27 CVE-2017-2639 Improper Certificate Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift.
network
low complexity
redhat CWE-295
7.5
2018-07-26 CVE-2017-7530 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that a privilege check is missing when arbitrary methods are invoked via filtering on VMs, which MiqExpression will execute and which API users can trigger.
network
low complexity
redhat
6.5
2018-07-24 CVE-2018-10905 OS Command Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms.
local
low complexity
redhat CWE-78
7.2
2018-06-26 CVE-2018-3760 Information Exposure vulnerability in multiple products
There is an information leak vulnerability in Sprockets.
network
low complexity
redhat sprockets-project debian CWE-200
5.0
2018-05-02 CVE-2018-1104 Code Injection vulnerability in Redhat Ansible Tower and Cloudforms
Ansible Tower through version 3.2.3 has a vulnerability that allows users who only have access to define variables for a job template to execute arbitrary code on the Tower server.
network
low complexity
redhat CWE-94
6.5