CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25716 – Cloudforms: Incomplete fix for CVE-2020-10783
https://notcve.org/view.php?id=CVE-2020-25716
16 Dec 2020 — A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1898525 • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14369 – CloudForms: Cross Site Request Forgery in API notifications
https://notcve.org/view.php?id=CVE-2020-14369
30 Sep 2020 — This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. Esta versión corrige una vulnerabilidad de tipo Cross Site Request Forgery que se encontr... • https://bugzilla.redhat.com/show_bug.cgi?id=1871921 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14325 – CloudForms: User Impersonation in the API for OIDC and SAML
https://notcve.org/view.php?id=CVE-2020-14325
06 Aug 2020 — Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. Red Hat CloudForms versiones anteriores a 5.11.7.0, era vulnerable a un fallo de autorización de Suplantación de Usuario que permite a un atacante malicioso crear un usuario... • https://access.redhat.com/security/cve/cve-2020-14325 • CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 22%CPEs: 23EXPL: 5CVE-2018-7750 – Paramiko 2.4.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-7750
13 Mar 2018 — transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. transport.py en la implementación del servidor SSH de Paramiko, en versiones anteriores a la 1.17.6; versiones 1.18.x ante... • https://packetstorm.news/files/id/150020 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 0CVE-2016-5402 – cfme: RCE via Capacity & Utilization feature
https://notcve.org/view.php?id=CVE-2016-5402
30 Nov 2016 — A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. Se ha encontrado un error de inyección de código en la forma en la que se procesan los archivos de control de capacidad y utilización importados. Un atacante autenticado remoto con acceso a la característica de capacidad y utilización podría emplear... • http://rhn.redhat.com/errata/RHSA-2016-2839.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7071 – CFME: bypass authorization by altering VM ID
https://notcve.org/view.php?id=CVE-2016-7071
20 Oct 2016 — It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. Se ha descubierto que CloudForms en versiones anteriores a la 5.6.2.2 y versiones 5.7.0.7 no aplicó correctamente controles de permisos a los ID de las máquinas virtuales pasados por los usuarios. Un atacante autenticado remoto podría emp... • http://rhn.redhat.com/errata/RHSA-2016-2091.html • CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7040 – cfme: Incorrect sanitization in regular expression engine
https://notcve.org/view.php?id=CVE-2016-7040
04 Oct 2016 — Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. Red Hat CloudForms Management Engine 4.1 no maneja adecuadamente expresiones regulares pasadas al motor de expresión a través de la API JSON y la interfaz de usuario basada en web, lo que permite a usuarios remotos autent... • http://rhn.redhat.com/errata/RHSA-2016-1996.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5383 – CloudForms: Lack of field filters on user input
https://notcve.org/view.php?id=CVE-2016-5383
21 Aug 2016 — The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." La web UI en Red hat CloudForms 4.1 permite a usuarios remotos autenticados ejecutar un código arbitrario a través de vectores relacionados con "falta de filtros de campo". It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running Cloud... • http://rhn.redhat.com/errata/RHSA-2016-1634.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •