Vulnerabilities > Redhat > Cloudforms

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2653 Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests.
network
low complexity
redhat CWE-20
6.5
2018-07-27 CVE-2017-12148 Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories.
network
low complexity
redhat CWE-20
7.2
2018-07-27 CVE-2017-2639 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift.
network
low complexity
redhat
7.5
2018-07-26 CVE-2017-2664 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms.
network
low complexity
redhat
6.5
2018-07-26 CVE-2017-7530 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users.
network
low complexity
redhat
8.8
2018-07-24 CVE-2018-10905 OS Command Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms.
local
low complexity
redhat CWE-78
7.8
2018-07-03 CVE-2018-10855 Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.
network
high complexity
redhat debian canonical CWE-532
5.9
2018-06-26 CVE-2018-3760 Information Exposure vulnerability in multiple products
There is an information leak vulnerability in Sprockets.
network
low complexity
redhat sprockets-project debian CWE-200
7.5
2018-06-26 CVE-2018-1000544 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem.
network
low complexity
rubyzip-project debian redhat CWE-434
critical
9.8
2018-05-31 CVE-2018-11627 Cross-site Scripting vulnerability in multiple products
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
network
low complexity
sinatrarb redhat CWE-79
6.1