Vulnerabilities > Theforeman > Foreman > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-26 | CVE-2021-20260 | Insufficiently Protected Credentials vulnerability in Theforeman Foreman. A flaw was found in the Foreman project. | 7.8 |
2022-08-22 | CVE-2021-3590 | Cleartext Transmission of Sensitive Information vulnerability in multiple products. A flaw was found in Foreman project. | 8.8 |
2021-12-23 | CVE-2021-3584 | A server side remote code execution vulnerability was found in Foreman project. | 7.2 |
2019-08-01 | CVE-2014-8183 | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. | 7.4 |
2018-06-21 | CVE-2017-2672 | Improper Privilege Management vulnerability in multiple products. A flaw was found in foreman before version 1.15 in the logging of adding and registering images. | 8.8 |
2018-04-16 | CVE-2016-9593 | Credentials Management vulnerability in multiple products. foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. | 8.8 |
2018-04-04 | CVE-2018-1097 | A flaw was found in foreman before 1.16.1. | 8.8 |
2017-10-06 | CVE-2015-5246 | 7PK - Security Features vulnerability in Theforeman Foreman 1.9.0. The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | 8.1 |
2017-07-17 | CVE-2015-5152 | Information Exposure vulnerability in Theforeman Foreman. Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | 8.1 |
2017-05-26 | CVE-2017-7505 | Improper Privilege Management vulnerability in Theforeman Foreman. Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user objects outside of their scope, such as editing global admin accounts including changing their passwords. | 8.8 |