Redhat Cloudforms 3.0 Management Engine — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Cloudforms 3.0 Management Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2014-0057 — CVSS 7.5 (high): The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2…
CVE-2014-3486 — CVSS 6.9 (medium): The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms…
CVE-2013-6443 — CVSS 6.8 (medium): CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and…
CVE-2014-7813 — CVSS 6.5 (medium): Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via…
CVE-2014-0137 — CVSS 6.5 (medium): SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before…
CVE-2014-3642 — CVSS 6.5 (medium): vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote…
CVE-2014-0136 — CVSS 5.0 (medium): The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to…
CVE-2014-0180 — CVSS 5.0 (medium): The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2…
CVE-2014-0184 — CVSS 4.9 (medium): Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to…
CVE-2014-0176 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows…
CVE-2014-3489 — CVSS 4.3 (medium): lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier…
CVE-2014-0078 — CVSS 4.0 (medium): The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary…
CVE-2014-0140 — CVSS 4.0 (medium): Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions…