Vulnerabilities > Redhat > Cloudforms > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2020-25716 Unspecified vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network
low complexity
redhat
8.1
2020-08-11 CVE-2020-10783 Unspecified vulnerability in Redhat Cloudforms 4.7/5.0.0
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw.
network
low complexity
redhat
8.3
2019-12-13 CVE-2014-0197 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CFME: CSRF protection vulnerability via permissive check of the referrer header
network
low complexity
redhat CWE-352
8.8
2019-03-27 CVE-2019-5419 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
7.5
2019-03-27 CVE-2019-5418 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. 7.5
2018-11-30 CVE-2018-16476 Deserialization of Untrusted Data vulnerability in multiple products
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.
network
low complexity
rubyonrails redhat CWE-502
7.5
2018-10-31 CVE-2016-5402 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A code injection flaw was found in the way capacity and utilization imported control files are processed.
network
low complexity
redhat
8.8
2018-09-10 CVE-2016-7071 Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users.
network
low complexity
redhat CWE-285
8.8
2018-07-27 CVE-2017-12148 Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories.
network
low complexity
redhat CWE-20
7.2
2018-07-27 CVE-2017-2639 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift.
network
low complexity
redhat
7.5