Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat cloudforms management engine vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2017-15123
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created v...
Redhat Cloudforms Management Engine
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
200 Github repositories
6.5
CVSSv3
CVE-2017-7528
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower -
6.5
CVSSv3
CVE-2017-2653
A number of unused delete routes are present in CloudForms prior to 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an malicious user to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would...
Redhat Cloudforms Management Engine
Redhat Cloudforms 4.2
7.5
CVSSv3
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an malicious user to spoof RHEV or OpenShift systems and po...
Redhat Cloudforms 4.5
Redhat Cloudforms Management Engine 5.8
6.5
CVSSv3
CVE-2017-2664
CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate...
Redhat Cloudforms 4.6
Redhat Cloudforms Management Engine
Redhat Cloudforms 4.2
8.8
CVSSv3
CVE-2017-7530
In CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execut...
Redhat Cloudforms 4.5
Redhat Cloudforms Management Engine
7.5
CVSSv3
CVE-2013-2049
Red Hat CloudForms 2 Management Engine (CFME) allows remote malicious users to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
Redhat Cloudforms Management Engine 2.0
6.5
CVSSv3
CVE-2014-7813
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.
Redhat Cloudforms 3.0 Management Engine -
NA
CVE-2014-0136
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote malicious users to insert arbitrary text into log files via unspecified vectors.
Redhat Cloudforms 3.0 Management Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »