CPE Details
Red Hat CloudForms Management Engine 5.10
5.10
2019-06-21
18h00 +00:00
18h00 +00:00
2019-06-21
18h00 +00:00
18h00 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:redhat:cloudforms_management_engine:5.10:*:*:*:*:*:*:*
Informations
Vendor
redhatProduct
cloudforms_management_engineVersion
5.10Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server. | 9.1 |
Critical |
||
| A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root. | 8 |
High |
||
| A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. | 6.5 |
Medium |
||
| A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines. | 5.3 |
Medium |
2025©
tesweb SA
