Cloudforms Management Engine
by Red Hat
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4457 | Hig | 0.49 | 7.5 | 0.00 | Jun 8, 2017 | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | |
| CVE-2013-2068 | 0.09 | — | 0.78 | Sep 28, 2013 | Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method. | ||
| CVE-2013-2050 | 0.07 | — | 0.54 | Jan 11, 2014 | SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. | ||
| CVE-2013-4172 | 0.00 | — | 0.01 | Aug 23, 2013 | The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. |