Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudforms vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2017-2664
CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate...
Redhat Cloudforms Management Engine
Redhat Cloudforms 4.6
Redhat Cloudforms 4.2
312
VMScore
CVE-2020-10777
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
Redhat Cloudforms 4.7
Redhat Cloudforms 5.0.0
578
VMScore
CVE-2020-10778
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
Redhat Cloudforms 4.7
Redhat Cloudforms 5.0.0
356
VMScore
CVE-2020-10779
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.
Redhat Cloudforms 4.7
Redhat Cloudforms 5.0.0
580
VMScore
CVE-2020-10783
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.
Redhat Cloudforms 4.7
Redhat Cloudforms 5.0.0
605
VMScore
CVE-2013-6443
CloudForms 3.0 Management Engine prior to 5.2.1.6 allows remote malicious users to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
Redhat Cloudforms 3.0
Redhat Cloudforms 3.0 Management Engine 5.2
Redhat Cloudforms 3.0 Management Engine
578
VMScore
CVE-2017-7530
In CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execut...
Redhat Cloudforms Management Engine
Redhat Cloudforms 4.5
605
VMScore
CVE-2014-0197
CFME: CSRF protection vulnerability via permissive check of the referrer header
Redhat Cloudforms 3.0
Redhat Cloudforms Management Engine
356
VMScore
CVE-2017-2653
A number of unused delete routes are present in CloudForms prior to 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an malicious user to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would...
Redhat Cloudforms Management Engine
Redhat Cloudforms 4.2
445
VMScore
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an malicious user to spoof RHEV or OpenShift systems and po...
Redhat Cloudforms 4.5
Redhat Cloudforms Management Engine 5.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »