Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudforms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an malicious user to spoof RHEV or OpenShift systems and po...
Redhat Cloudforms 4.5
Redhat Cloudforms Management Engine 5.8
7.5
CVSSv2
CVE-2014-0057
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote malicious users to execute arbitrary methods via unspecified vectors.
Redhat Cloudforms 3.0
Redhat Cloudforms 3.0 Management Engine 5.2
2.1
CVSSv2
CVE-2012-5509
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine prior to 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
Redhat Cloudforms Cloud Engine
Redhat Cloudforms Cloud Engine 1.0
2.1
CVSSv2
CVE-2012-6117
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine prior to 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
Redhat Cloudforms Cloud Engine 1.0
Redhat Cloudforms Cloud Engine
9
CVSSv2
CVE-2019-14894
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on t...
Redhat Cloudforms Management Engine 5.10
Redhat Cloudforms Management Engine 5.11
4.9
CVSSv2
CVE-2020-10780
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an...
Redhat Cloudforms Management Engine 4.7
Redhat Cloudforms Management Engine 5.0
6
CVSSv2
CVE-2019-10177
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which c...
Redhat Cloudforms Management Engine 5.10
Redhat Cloudforms Management Engine 5.9
5.5
CVSSv2
CVE-2020-14296
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.
Redhat Cloudforms Management Engine 4.7
Redhat Cloudforms Management Engine 5.0
5.5
CVSSv2
CVE-2020-25716
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-1...
Redhat Cloudforms
5.5
CVSSv2
CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms prior to 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID"...
Redhat Cloudforms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »