CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-14296

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.9%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 5.5

References

https://access.redhat.com/security/cve/cve-2020-14296
https://bugzilla.redhat.com/show_bug.cgi?id=1847860
https://access.redhat.com/security/cve/cve-2020-14296
https://bugzilla.redhat.com/show_bug.cgi?id=1847860

Products affected by CVE-2020-14296

Redhat » Cloudforms Management Engine » Version: 4.7

cpe:2.3:a:redhat:cloudforms_management_engine:4.7
Redhat » Cloudforms Management Engine » Version: 5.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-14296

Products

Pricing

Contact Us