Redhat: >> Cloudforms 3.0 Management Engine >> 5.2 Security Vulnerabilities
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.007
Published
2014-03-18
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-01-23
Page 2