VYPR

Cloudforms 3.0.2 Management Engine

by Red Hat

CVEs (3)

  • CVE-2013-2050Jan 11, 2014
    risk 0.04cvss epss 0.16

    SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an…

  • CVE-2014-3642Oct 6, 2014
    risk 0.00cvss epss 0.01

    vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."

  • CVE-2014-0140Oct 6, 2014
    risk 0.00cvss epss 0.01

    Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.