VYPR
Vendor: ManageIQ

Products: 4
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)

  • CVE-2026-52903 | imp | Jun 9, 2026
    risk 0.57 | cvss 8.8 | epss

    manageiq: YAML safe_load production fallback to unsafe_load enables RCE via deserialization

  • CVE-2021-32756 | Hig | Jul 21, 2021
    risk 0.57 | cvss 8.8 | epss 0.02

    ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will…

  • CVE-2014-0197 | Hig | Dec 13, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    CFME: CSRF protection vulnerability via permissive check of the referrer header

  • CVE-2013-0185 | Hig | May 1, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

  • CVE-2014-0087 | Hig | Jan 11, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the…

  • CVE-2016-4471 | Hig | Jun 8, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.

  • CVE-2018-10905 | Hig | Jul 24, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

  • CVE-2026-22598 | Hig | Jan 21, 2026
    risk 0.46 | cvss | epss 0.00

    ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to version radjabov-2 where a malformed TimeProfile could be created causing later UI and API requests to timeout leading to a Denial of Service. Version radjabov-2 contains a patch. One…

  • CVE-2024-43191 | Sep 26, 2024
    risk 0.00 | cvss | epss 0.01

    IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted YAML file request.