Cloudforms Security Vulnerabilities

CVE-2018-10855
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on...
CVSS 5.9 | AI Score 5.7 | EPSS 0.003 | 2018-07-03 01:29 AM

CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
CVSS 7.5 | AI Score 7.2 | EPSS 0.023 | 2018-06-26 07:29 PM

CVE-2018-1000544
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...
CVSS 9.8 | AI Score 9.2 | EPSS 0.002 | 2018-06-26 04:29 PM

CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser...
CVSS 6.1 | AI Score 5.8 | EPSS 0.001 | 2018-05-31 07:29 PM

CVE-2018-1104
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower...
CVSS 8.8 | AI Score 8.9 | EPSS 0.002 | 2018-05-02 07:29 PM

CVE-2018-1101
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization...
CVSS 7.2 | AI Score 6.8 | EPSS 0.003 | 2018-05-02 06:29 PM

CVE-2013-2049
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb...
CVSS 7.5 | AI Score 7.5 | EPSS 0.002 | 2018-05-01 07:29 PM

CVE-2018-7750
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as...
CVSS 9.8 | AI Score 9.4 | EPSS 0.048 | 2018-03-13 06:29 PM

CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are...
CVSS 8.8 | AI Score 7.6 | EPSS 0.005 | 2018-03-02 03:29 PM

CVE-2017-12191
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this...
CVSS 7.4 | AI Score 7.2 | EPSS 0.001 | 2018-02-28 01:29 PM

CVE-2018-1053
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of pg_dumpall -g under umask which was in effect when the user invoked pg_upgrade, and not under 0077...
CVSS 7 | AI Score 6.5 | EPSS 0.001 | 2018-02-09 02:29 PM

CVE-2014-0087
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit...
CVSS 8.8 | AI Score 8.5 | EPSS 0.002 | 2018-01-11 04:29 PM

CVE-2014-7813
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted...
CVSS 6.5 | AI Score 6.1 | EPSS 0.001 | 2017-10-18 02:29 PM

CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace...
CVSS 8.8 | AI Score 8.4 | EPSS 0.975 | 2017-08-23 02:29 PM | In Wild

CVE-2016-4471
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary...
CVSS 8.8 | AI Score 8.6 | EPSS 0.002 | 2017-06-08 06:29 PM

CVE-2016-4457
CloudForms Management Engine before 5.8 includes a default SSL/TLS...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | 2017-06-08 06:29 PM

CVE-2016-3702
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext...
CVSS 5.3 | AI Score 5.2 | EPSS 0.001 | 2017-04-21 08:59 PM

CVE-2016-7040
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter...
CVSS 8.8 | AI Score 8.8 | EPSS 0.004 | 2016-10-07 02:59 PM

CVE-2016-5383
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field...
CVSS 8.8 | AI Score 8.6 | EPSS 0.005 | 2016-08-26 02:59 PM

CVE-2015-7502
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database...
CVSS 5.1 | AI Score 5.2 | EPSS 0.001 | 2016-04-11 09:59 PM

CVE-2014-7814
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL...
AI Score 8.1 | EPSS 0.001 | 2015-01-16 04:59 PM

CVE-2014-3692
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain...
AI Score 7.3 | EPSS 0.005 | 2015-01-16 04:59 PM

CVE-2014-0136
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified...
AI Score 6.9 | EPSS 0.002 | 2014-10-27 01:55 AM

CVE-2014-3642
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send...
AI Score 6.7 | EPSS 0.002 | 2014-10-06 02:55 PM

CVE-2014-0140
Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS...
AI Score 6.4 | EPSS 0.001 | 2014-10-06 02:55 PM

CVE-2014-3489
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force...
AI Score 6.5 | EPSS 0.003 | 2014-07-07 02:55 PM

CVE-2014-3486
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable...
AI Score 7.2 | EPSS 0.0004 | 2014-07-07 02:55 PM

CVE-2014-0180
The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified...
AI Score 6.6 | EPSS 0.002 | 2014-07-07 02:55 PM

CVE-2014-0176
Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified...
AI Score 5.7 | EPSS 0.001 | 2014-07-07 02:55 PM

CVE-2014-0184
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log...
AI Score 5.8 | EPSS 0.0004 | 2014-07-07 02:55 PM

CVE-2014-0078
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog...
AI Score 6.5 | EPSS 0.001 | 2014-05-14 07:55 PM

CVE-2014-0137
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to...
AI Score 8.2 | EPSS 0.001 | 2014-05-14 07:55 PM

CVE-2014-0057
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified...
AI Score 6.6 | EPSS 0.007 | 2014-03-18 05:02 PM

CVE-2014-0081
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3)...
AI Score 5.9 | EPSS 0.002 | 2014-02-20 03:27 PM

CVE-2013-6443
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a...
AI Score 7 | EPSS 0.001 | 2014-01-23 01:55 AM

CVE-2013-2050
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer...
AI Score 8.2 | EPSS 0.014 | 2014-01-11 01:55 AM

CVE-2013-2068
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs...
AI Score 7.1 | EPSS 0.624 | 2013-09-28 07:55 PM

CVE-2013-4172
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified...
AI Score 7.8 | EPSS 0.001 | 2013-08-23 04:55 PM

CVE-2012-5509
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this...
AI Score 6.3 | EPSS 0.0004 | 2013-03-12 10:55 PM

CVE-2012-5604
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified...
AI Score 7 | EPSS 0.001 | 2013-03-01 05:40 AM

CVE-2012-4574
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this...
AI Score 6.3 | EPSS 0.0004 | 2013-01-04 10:55 PM

CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a...
AI Score 6.2 | EPSS 0.002 | 2013-01-04 10:55 PM

CVE-2012-5605
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache...
AI Score 6.2 | EPSS 0.0004 | 2013-01-04 10:55 PM

CVE-2012-3538
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading...
AI Score 6.1 | EPSS 0.001 | 2013-01-04 10:55 PM

Total number of security vulnerabilities: 94