Note:
This project will be discontinued after December 13, 2021.
Product: Cloudforms_3\.0_management_engine (Redhat)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 13 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-03-18 | CVE-2014-0057 | The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors. | Cloudforms, Cloudforms_3\.0_management_engine | N/A | ||
2014-05-14 | CVE-2014-0078 | The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. | Cloudforms_3\.0_management_engine | N/A | ||
2014-05-14 | CVE-2014-0137 | SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | Cloudforms_3\.0_management_engine | N/A | ||
2014-07-07 | CVE-2014-0176 | Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Cloudforms_3\.0_management_engine | N/A | ||
2014-07-07 | CVE-2014-0180 | The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors. | Cloudforms_3\.0_management_engine | N/A | ||
2014-07-07 | CVE-2014-0184 | Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. | Cloudforms_3\.0_management_engine | N/A | ||
2014-07-07 | CVE-2014-3486 | The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name. | Cloudforms_3\.0_management_engine | N/A | ||
2014-07-07 | CVE-2014-3489 | lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. | Cloudforms_3\.0_management_engine | N/A | ||
2014-10-06 | CVE-2014-0140 | Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. | Cloudforms_3\.0\.1_management_engine, Cloudforms_3\.0\.2_management_engine, Cloudforms_3\.0\.3_management_engine, Cloudforms_3\.0\.4_management_engine, Cloudforms_3\.0\.5_management_engine, Cloudforms_3\.0_management_engine | N/A | ||
2014-10-06 | CVE-2014-3642 | vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method." | Cloudforms_3\.0\.1_management_engine, Cloudforms_3\.0\.2_management_engine, Cloudforms_3\.0\.3_management_engine, Cloudforms_3\.0\.4_management_engine, Cloudforms_3\.0\.5_management_engine, Cloudforms_3\.0_management_engine | N/A | ||