Vendor
Cloudforms
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7071 | Hig | 0.57 | 8.8 | 0.02 | Sep 10, 2018 | It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. | ||
| CVE-2016-3702 | Med | 0.35 | 5.3 | 0.01 | Apr 21, 2017 | Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | ||
| CVE-2013-4423 | 0.00 | — | 0.00 | Nov 4, 2019 | CloudForms stores user passwords in recoverable format |
- risk 0.57cvss 8.8epss 0.02
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
- risk 0.35cvss 5.3epss 0.01
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
- CVE-2013-4423Nov 4, 2019risk 0.00cvss —epss 0.00
CloudForms stores user passwords in recoverable format