Skip to main content

Cloudforms 3 0 Management Engine

13 CVEs product

Monthly

CVE-2014-7813 MEDIUM This Month

Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Cloudforms 3 0 Management Engine
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2014-0136 MEDIUM This Month

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3642 MEDIUM This Month

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine Cloudforms 3 0 2 Management Engine Cloudforms 3 0 3 Management Engine +3
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-0140 MEDIUM This Month

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine Cloudforms 3 0 2 Management Engine Cloudforms 3 0 3 Management Engine +3
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3489 MEDIUM This Month

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3486 MEDIUM This Month

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users. Rated medium severity (CVSS 6.9). No vendor patch available.

Red Hat Information Disclosure Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-0184 MEDIUM This Month

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-0180 MEDIUM This Month

The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0176 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0137 MEDIUM This Month

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-0078 MEDIUM This Month

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-0057 HIGH This Week

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Red Hat Cloudforms Cloudforms 3 0 Management Engine
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-6443 MEDIUM This Month

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cloudforms Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.8
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Cloudforms 3 0 Management Engine
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Cloudforms 3 0 Management Engine
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine +5
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users. Rated medium severity (CVSS 6.9). No vendor patch available.

Red Hat Information Disclosure Cloudforms 3 0 Management Engine
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Cloudforms 3 0 Management Engine
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cloudforms 3 0 Management Engine
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Cloudforms 3 0 Management Engine
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 Management Engine
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cloudforms Cloudforms 3 0 Management Engine
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy