Cloudforms
This hub aggregates every CVE we track for Cloudforms, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 53
- Critical: 3
- High: 22
- In CISA KEV: 1
Severity distribution
MEDIUM 25, HIGH 22, LOW 3, CRITICAL 3
Monthly trend
[Chart: 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Cloudforms.
- CVE-2020-25716 (score 8.1): A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted o...
- CVE-2020-14369 (score 6.3): This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently ...
- CVE-2020-14325 (score 9.1): Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, wi...
- CVE-2020-10779 (score 6.5): Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right c...
- CVE-2020-10783 (score 8.3): Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads t...
- CVE-2020-10778 (score 6.0): In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This busin...
- CVE-2020-10777 (score 5.4): A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Cl...
- CVE-2019-14894 (score 8.0): A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into ...
- CVE-2014-0197 (score 8.8): CFME: CSRF protection vulnerability via permissive check of the referrer header
- CVE-2018-10854 (score 5.4): cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scrip...
- CVE-2013-4423 (score 5.5): CloudForms stores user passwords in recoverable format
- CVE-2013-0186 (score 6.1): Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2019-16892 (score 5.5): In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of serv...
- CVE-2019-10177 (score 6.5): A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least pri...
- CVE-2019-10159 (score 4.3): cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivilege...
Product normalization is registry-driven with AI assist and human review.