Vulnerabilities > Redhat > Cloudforms > 5.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-07 | CVE-2020-25716 | Unspecified vulnerability in Redhat Cloudforms A flaw was found in Cloudforms. | 8.1 |
| 2020-12-02 | CVE-2020-14369 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. | 6.3 |
| 2020-08-11 | CVE-2020-14325 | Unspecified vulnerability in Redhat Cloudforms Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. | 9.1 |
| 2020-08-11 | CVE-2020-10783 | Unspecified vulnerability in Redhat Cloudforms 4.7/5.0.0 Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. | 8.3 |
| 2020-08-11 | CVE-2020-10779 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Cloudforms 4.7/5.0.0 Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. | 6.5 |
| 2020-08-11 | CVE-2020-10778 | Incorrect Resource Transfer Between Spheres vulnerability in Redhat Cloudforms 4.7/5.0.0 In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. | 6.0 |
| 2020-08-11 | CVE-2020-10777 | Cross-site Scripting vulnerability in Redhat Cloudforms 4.7/5.0.0 A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. | 5.4 |