Redhat

Cloudforms Management Engine

42 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 0.22%
  • Published 26.07.2018 14:29:00
  • Last modified 21.11.2024 03:23:55

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion...

  • EPSS 0.34%
  • Published 26.07.2018 13:29:00
  • Last modified 21.11.2024 03:32:05

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacke...

  • EPSS 0.29%
  • Published 24.07.2018 13:29:00
  • Last modified 21.11.2024 03:42:16

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

  • EPSS 0.16%
  • Published 01.05.2018 19:29:00
  • Last modified 21.11.2024 01:50:55

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.

  • EPSS 0.1%
  • Published 11.01.2018 16:29:00
  • Last modified 21.11.2024 02:01:20

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RB...

  • EPSS 0.18%
  • Published 08.06.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.

  • EPSS 0.18%
  • Published 21.04.2017 20:59:00
  • Last modified 20.04.2025 01:37:25

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.

  • EPSS 0.64%
  • Published 07.10.2016 14:59:07
  • Last modified 12.04.2025 10:46:40

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the...

  • EPSS 0.06%
  • Published 11.04.2016 21:59:08
  • Last modified 12.04.2025 10:46:40

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain priv...

Exploit
  • EPSS 53.75%
  • Published 11.01.2014 01:55:02
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the...