Manageiq
by Manageiq
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-52903 | | imp | 0.57 | 8.8 | — | | Jun 9, 2026 | manageiq: YAML safe_load production fallback to unsafe_load enables RCE via deserialization |
| CVE-2021-32756 | | Hig | 0.57 | 8.8 | 0.02 | | Jul 21, 2021 | ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will… |
| CVE-2014-0087 | | Hig | 0.57 | 8.8 | 0.02 | | Jan 11, 2018 | The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the… |
| CVE-2026-22598 | | Hig | 0.46 | — | 0.00 | | Jan 21, 2026 | ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to version radjabov-2 where a malformed TimeProfile could be created causing later UI and API requests to timeout leading to a Denial of Service. Version radjabov-2 contains a patch. One… |
| CVE-2024-43191 | | | 0.00 | — | 0.01 | | Sep 26, 2024 | IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. |