Vulnerabilities > Redhat > Cloudforms > 5.0.0

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2020-25716 Unspecified vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network
low complexity
redhat
8.1
2020-12-02 CVE-2020-14369 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated.
network
low complexity
redhat CWE-352
6.3
2020-08-11 CVE-2020-14325 Unspecified vulnerability in Redhat Cloudforms
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles.
network
low complexity
redhat
critical
9.1
2020-08-11 CVE-2020-10783 Unspecified vulnerability in Redhat Cloudforms 4.7/5.0.0
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw.
network
low complexity
redhat
8.3
2020-08-11 CVE-2020-10779 Authorization Bypass Through User-Controlled Key vulnerability in Redhat Cloudforms 4.7/5.0.0
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check.
network
low complexity
redhat CWE-639
6.5
2020-08-11 CVE-2020-10778 Incorrect Resource Transfer Between Spheres vulnerability in Redhat Cloudforms 4.7/5.0.0
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation.
network
low complexity
redhat CWE-669
6.0
2020-08-11 CVE-2020-10777 Cross-site Scripting vulnerability in Redhat Cloudforms 4.7/5.0.0
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5.
network
low complexity
redhat CWE-79
5.4