
CVE-2013-2050 – Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
https://notcve.org/view.php?id=CVE-2013-2050
27 Dec 2013 — SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. • https://packetstorm.news/files/id/124609 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2013-2068 – Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal
https://notcve.org/view.php?id=CVE-2013-2068
04 Sep 2013 — Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method. • https://packetstorm.news/files/id/124569 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2013-4172 – interface: Ruby code injection
https://notcve.org/view.php?id=CVE-2013-4172
19 Aug 2013 — The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors. Red Hat CloudForms Management Engine provides the insight, control, and automation needed to address the challenges of managing virtual environments. An input sanitization flaw was found in Red Hat CloudForms Management Engine. A user w... • http://rhn.redhat.com/errata/RHSA-2013-1157.html • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')