CVE-2017-2664
- EPSS 0.22%
- Published 26.07.2018 14:29:00
- Last modified 21.11.2024 03:23:55
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion...
CVE-2017-7530
- EPSS 0.34%
- Published 26.07.2018 13:29:00
- Last modified 21.11.2024 03:32:05
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacke...
CVE-2018-10905
- EPSS 0.29%
- Published 24.07.2018 13:29:00
- Last modified 21.11.2024 03:42:16
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
CVE-2013-2049
- EPSS 0.16%
- Published 01.05.2018 19:29:00
- Last modified 21.11.2024 01:50:55
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
CVE-2014-0087
- EPSS 0.1%
- Published 11.01.2018 16:29:00
- Last modified 21.11.2024 02:01:20
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RB...
CVE-2016-4457
- EPSS 0.18%
- Published 08.06.2017 18:29:00
- Last modified 20.04.2025 01:37:25
CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.
CVE-2016-3702
- EPSS 0.18%
- Published 21.04.2017 20:59:00
- Last modified 20.04.2025 01:37:25
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
- EPSS 0.64%
- Published 07.10.2016 14:59:07
- Last modified 12.04.2025 10:46:40
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the...
CVE-2015-7502
- EPSS 0.06%
- Published 11.04.2016 21:59:08
- Last modified 12.04.2025 10:46:40
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain priv...
CVE-2013-2050
- EPSS 53.75%
- Published 11.01.2014 01:55:02
- Last modified 11.04.2025 00:51:21
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the...