Cloudforms
by Cloudforms
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7071 | Hig | 0.57 | 8.8 | 0.02 | Sep 10, 2018 | It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. | ||
| CVE-2013-4423 | 0.00 | — | 0.00 | Nov 4, 2019 | CloudForms stores user passwords in recoverable format |
- risk 0.57cvss 8.8epss 0.02
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
- CVE-2013-4423Nov 4, 2019risk 0.00cvss —epss 0.00
CloudForms stores user passwords in recoverable format