Cloudforms management engine
This hub aggregates every CVE we track for Cloudforms management engine, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 59
- Critical: 4
- High: 24
- In CISA KEV: 1
Severity distribution
MEDIUM 27, HIGH 24, LOW 4, CRITICAL 4
Monthly trend
[Chart: 2024-07 to 2026-06; all monthly values shown are 0]
Latest CVEs
The 15 most recently published vulnerabilities affecting Cloudforms management engine.
- CVE-2014-8164 (score 9.1): An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.
- CVE-2022-29181 (score 8.2): Improper Handling of Unexpected Data Type in Nokogiri
- CVE-2022-24839 (score 7.5): Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)
- CVE-2020-14369 (score 6.3): This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently ...
- CVE-2020-10780 (score 6.3): Red Hat CloudForms 4.7 and 5 is affected by a CSV Injection flaw; a crafted payload stays dormant till a victim exports as CSV and opens the file with Excel. Once the victim opens the file, the formul...
- CVE-2020-14324 (score 9.1): A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker w...
- CVE-2020-14296 (score 7.1): Red Hat CloudForms 4.7 and 5 was vulnerable to a Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal ne...
- CVE-2020-14325 (score 9.1): Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows a malicious attacker to create existent and non-existent role-based access control user, wi...
- CVE-2020-10779 (score 6.5): Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right c...
- CVE-2020-10783 (score 8.3): Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads t...
- CVE-2020-10778 (score 6.0): In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This busin...
- CVE-2020-10777 (score 5.4): A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Cl...
- CVE-2019-14894 (score 8.0): A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into ...
- CVE-2020-11023 (score 6.9, KEV): Potential XSS vulnerability in jQuery
- CVE-2019-14905 (score 5.6): A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a...
Product normalization is registry-driven with AI assist and human review.