VYPR
Vendor

Cloudforms

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2016-7071HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.02

    It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

  • CVE-2016-3702MedApr 21, 2017
    risk 0.35cvss 5.3epss 0.01

    Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.

  • CVE-2013-4423Nov 4, 2019
    risk 0.00cvss epss 0.00

    CloudForms stores user passwords in recoverable format