Vulnerabilities > Redhat > Cloudforms > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-07 | CVE-2020-25716 | Unspecified vulnerability in Redhat Cloudforms. A flaw was found in Cloudforms. | 8.1 |
2020-08-11 | CVE-2020-10783 | Unspecified vulnerability in Redhat Cloudforms 4.7/5.0.0. Red Hat CloudForms 4.7 and 5 are affected by a role-based privilege escalation flaw. | 8.3 |
2019-12-13 | CVE-2014-0197 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine. CFME: CSRF protection vulnerability via permissive check of the referrer header. | 8.8 |
2019-03-27 | CVE-2019-5419 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause Action View to consume 100% CPU and make the server unresponsive. | 7.5 |
2019-03-27 | CVE-2019-5418 | There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. | 7.5 |
2018-11-30 | CVE-2018-16476 | Deserialization of Untrusted Data vulnerability in multiple products. A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. | 7.5 |
2018-10-31 | CVE-2016-5402 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine. A code injection flaw was found in the way capacity and utilization imported control files are processed. | 8.8 |
2018-09-10 | CVE-2016-7071 | Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine. It was found that CloudForms before 5.6.2.2 and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. | 8.8 |
2018-07-27 | CVE-2017-12148 | Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms. A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. | 7.2 |
2018-07-27 | CVE-2017-2639 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine. It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. | 7.5 |