Page 3 of 13 results (0.013 seconds)

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. CatalogController en Red Hat CloudForms Management Engine (CFME) anterior a 5.2.3.2 permite a usuarios remotos autenticados eliminar catálogos arbitrarios a través de vectores involucrando adivinar el identificador del catálogo. • http://rhn.redhat.com/errata/RHSA-2014-0469.html https://bugzilla.redhat.com/show_bug.cgi?id=1064556 https://access.redhat.com/security/cve/CVE-2014-0078 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors. El método x_button en el controlador de servicio (vmdb/app/controllers/service_controller.rb) en Red Hat CloudForms 3.0 Management Engine 5.2 permite a atacantes remotos ejecutar métodos arbitrarios a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2014-0215.html http://secunia.com/advisories/57376 https://bugzilla.redhat.com/show_bug.cgi?id=1064140 https://access.redhat.com/security/cve/CVE-2014-0057 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request. CloudForms 3.0 Management Engine anterior a la versión 5.2.1.6 permite a atacantes remotos evadir el mecanismo protect_from_forgery de Ruby on Rails y llevar a cabo ataques de CSRF a través de una acción destructiva en una petición. • http://rhn.redhat.com/errata/RHSA-2014-0025.html http://www.securitytracker.com/id/1029606 https://access.redhat.com/security/cve/CVE-2013-6443 https://bugzilla.redhat.com/show_bug.cgi?id=1044178 • CWE-352: Cross-Site Request Forgery (CSRF) •