CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Cloudforms : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-25716 284 2021-06-07 2021-06-15
5.5
None Remote Low ??? Partial Partial None
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected
2 CVE-2020-14369 352 CSRF 2020-12-02 2020-12-04
6.8
None Remote Medium Not required Partial Partial Partial
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.
3 CVE-2020-14325 863 2020-08-11 2020-08-12
6.4
None Remote Low Not required Partial Partial None
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.
4 CVE-2020-10783 863 2020-08-11 2020-08-12
6.5
None Remote Low ??? Partial Partial Partial
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.
5 CVE-2020-10779 862 Bypass 2020-08-11 2020-08-12
4.0
None Remote Low ??? Partial None None
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.
6 CVE-2020-10778 863 2020-08-11 2020-08-12
6.5
None Remote Low ??? Partial Partial Partial
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
7 CVE-2020-10777 79 XSS 2020-08-11 2020-08-12
3.5
None Remote Medium ??? None Partial None
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
8 CVE-2019-11358 79 XSS 2019-04-20 2021-06-14
4.3
None Remote Medium Not required None Partial None
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
9 CVE-2019-5419 770 DoS 2019-03-27 2020-10-16
7.8
None Remote Low Not required None None Complete
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
10 CVE-2019-5418 2019-03-27 2020-10-16
5.0
None Remote Low Not required Partial None None
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
11 CVE-2018-1000544 59 Dir. Trav. 2018-06-26 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..
12 CVE-2018-16476 502 2018-11-30 2019-10-09
5.0
None Remote Low Not required Partial None None
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
13 CVE-2018-11627 79 XSS 2018-05-31 2019-02-26
4.3
None Remote Medium Not required None Partial None
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
14 CVE-2018-10905 78 Exec Code 2018-07-24 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
15 CVE-2018-10855 532 2018-07-03 2020-05-29
4.3
None Remote Medium Not required Partial None None
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
16 CVE-2018-7750 287 2018-03-13 2020-10-15
7.5
None Remote Low Not required Partial Partial Partial
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
17 CVE-2018-3760 200 +Info 2018-06-26 2019-10-09
5.0
None Remote Low Not required Partial None None
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
18 CVE-2018-1104 94 Exec Code 2018-05-02 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
19 CVE-2018-1101 521 2018-05-02 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.
20 CVE-2018-1058 Exec Code 2018-03-02 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
21 CVE-2018-1053 732 2018-02-09 2019-10-09
3.3
None Local Medium Not required Partial Partial None
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.
22 CVE-2017-12191 613 2018-02-28 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.
23 CVE-2017-12148 20 Exec Code 2018-07-27 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
24 CVE-2017-11610 276 Exec Code 2017-08-23 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
25 CVE-2017-7530 2018-07-26 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).
26 CVE-2017-2664 2018-07-26 2019-10-09
4.0
None Remote Low ??? None Partial None
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
27 CVE-2017-2653 20 XSS Bypass 2018-07-27 2019-10-09
4.0
None Remote Low ??? None Partial None
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute.
28 CVE-2017-2639 295 2018-07-27 2019-10-09
5.0
None Remote Low Not required Partial None None
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.
29 CVE-2017-2632 863 2018-07-27 2019-10-09
4.0
None Remote Low ??? None Partial None
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.
30 CVE-2016-7071 285 2018-09-10 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
31 CVE-2016-7047 200 +Info 2018-09-11 2019-10-09
4.0
None Remote Low ??? Partial None None
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.
32 CVE-2016-5402 94 Exec Code 2018-10-31 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
33 CVE-2016-5383 284 Exec Code 2016-08-26 2016-08-26
6.5
None Remote Low ??? Partial Partial Partial
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
34 CVE-2016-4471 264 Exec Code 2017-06-08 2017-06-15
6.5
None Remote Low ??? Partial Partial Partial
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
35 CVE-2014-0197 352 CSRF 2019-12-13 2019-12-18
6.8
None Remote Medium Not required Partial Partial Partial
CFME: CSRF protection vulnerability via permissive check of the referrer header
36 CVE-2014-0081 79 XSS 2014-02-20 2019-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
37 CVE-2014-0057 94 2014-03-18 2014-03-19
7.5
None Remote Low Not required Partial Partial Partial
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
38 CVE-2013-6443 352 Bypass CSRF 2014-01-23 2014-01-23
6.8
None Remote Medium Not required Partial Partial Partial
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
39 CVE-2013-4423 522 2019-11-04 2019-11-06
2.1
None Local Low Not required Partial None None
CloudForms stores user passwords in recoverable format
40 CVE-2013-0186 79 XSS 2019-11-01 2019-11-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
41 CVE-2012-5605 264 2013-01-04 2017-08-29
2.1
None Local Low Not required None Partial None
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
42 CVE-2012-5604 264 Bypass 2013-03-01 2018-05-12
4.3
None Remote Medium Not required None Partial None
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.
43 CVE-2012-5603 264 2013-01-04 2017-08-29
5.5
None Remote Low ??? Partial Partial None
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
44 CVE-2012-4574 255 2013-01-04 2017-08-29
2.1
None Local Low Not required Partial None None
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
45 CVE-2012-3538 255 2013-01-04 2017-08-29
3.3
None Local Network Low Not required Partial None None
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
Total number of vulnerabilities : 45   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.