Vulnerabilities > Redhat > Cloudforms > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2632 Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have.
network
low complexity
redhat CWE-863
4.9
2018-07-27 CVE-2017-2653 Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests.
network
low complexity
redhat CWE-20
6.5
2018-07-26 CVE-2017-2664 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms.
network
low complexity
redhat
6.5
2018-07-03 CVE-2018-10855 Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.
network
high complexity
redhat debian canonical CWE-532
5.9
2018-05-31 CVE-2018-11627 Cross-site Scripting vulnerability in multiple products
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
network
low complexity
sinatrarb redhat CWE-79
6.1
2016-04-11 CVE-2015-7502 Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.
local
high complexity
redhat CWE-200
5.1