VYPR

Manageiq

by Manageiq

CVEs (5)

  • CVE-2026-52903 · imp · Jun 9, 2026
    risk 0.57 · cvss 8.8 · epss

    manageiq: YAML safe_load production fallback to unsafe_load enables RCE via deserialization

  • CVE-2021-32756 · Hig · Jul 21, 2021
    risk 0.57 · cvss 8.8 · epss 0.02

    ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will…

  • CVE-2014-0087 · Hig · Jan 11, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the…

  • CVE-2026-22598 · Hig · Jan 21, 2026
    risk 0.46 · cvss · epss 0.00

    ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to version radjabov-2 where a malformed TimeProfile could be created causing later UI and API requests to timeout leading to a Denial of Service. Version radjabov-2 contains a patch. One…

  • CVE-2024-43191 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.01

    IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.