Skip to main content

Cloudforms Management Engine

18 CVEs product

Monthly

CVE-2020-14324 CRITICAL Act Now

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
9.1
EPSS
2.5%
CVE-2020-14296 HIGH This Week

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-10780 MEDIUM This Month

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-1740 PyPI MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible Ansible Tower Cloudforms Management Engine +3
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-1738 PyPI LOW PATCH Monitor

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack
NVD GitHub
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-1736 PyPI LOW POC PATCH Monitor

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-1735 PyPI MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-1739 PyPI LOW PATCH Monitor

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-1733 PyPI MEDIUM POC PATCH This Month

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2019-10177 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE CSRF Cloudforms Management Engine
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2018-10905 HIGH This Week

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cloudforms Cloudforms Management Engine
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-4457 HIGH This Week

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudforms Management Engine
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-3702 MEDIUM This Month

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Cloudforms Management Engine
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-7040 HIGH This Week

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms Management Engine
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-7502 MEDIUM This Month

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Red Hat Information Disclosure PostgreSQL Cloudforms Management Engine Cloudforms
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2013-2050 HIGH POC THREAT Act Now

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.2%.

Red Hat SQLi Cloudforms Management Engine Manageiq Enterprise Virtualization Manager
NVD
CVSS 2.0
7.5
EPSS
54.2%
Threat
4.6
CVE-2013-2068 CRITICAL POC THREAT Emergency

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

Red Hat Path Traversal Cloudforms Management Engine
NVD Exploit-DB
CVSS 2.0
9.4
EPSS
78.5%
Threat
5.7
CVE-2013-4172 HIGH This Week

The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Code Injection RCE Cloudforms Management Engine
NVD
CVSS 2.0
8.5
EPSS
0.7%
EPSS 3% CVSS 9.1
CRITICAL Act Now

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Red Hat Cloudforms Management Engine
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Red Hat Cloudforms Management Engine
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Red Hat Cloudforms Management Engine
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible +5
NVD GitHub
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Ansible Ansible Tower +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower +3
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower +4
NVD GitHub
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Ansible Tower +4
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower +4
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE CSRF +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cloudforms Cloudforms Management Engine
NVD
EPSS 0% CVSS 7.5
HIGH This Week

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudforms Management Engine
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Cloudforms Management Engine
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms Management Engine
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Red Hat Information Disclosure PostgreSQL +2
NVD
EPSS 54% 4.6 CVSS 7.5
HIGH POC THREAT Act Now

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.2%.

Red Hat SQLi Cloudforms Management Engine +1
NVD
EPSS 78% 5.7 CVSS 9.4
CRITICAL POC THREAT Emergency

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

Red Hat Path Traversal Cloudforms Management Engine
NVD Exploit-DB
EPSS 1% CVSS 8.5
HIGH This Week

The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Code Injection RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy