VYPR

Cloudforms

by Cloudforms

CVEs (2)

  • CVE-2016-7071HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.02

    It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

  • CVE-2013-4423Nov 4, 2019
    risk 0.00cvss epss 0.00

    CloudForms stores user passwords in recoverable format