Shodan
Vulnerabilities
Vulnerable Software
Redhat:  >> Cloudforms  Security Vulnerabilities
CVE-2014-0057
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.007
Published
2014-03-18
CVE-2014-0081
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
CVSS Score
4.3
EPSS Score
0.009
Published
2014-02-20
CVE-2013-6443
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-01-23
CVE-2012-5604
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2013-03-01
CVE-2012-4574
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
CVSS Score
2.1
EPSS Score
0.001
Published
2013-01-04
CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
CVSS Score
5.5
EPSS Score
0.003
Published
2013-01-04
CVE-2012-5605
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
CVSS Score
2.1
EPSS Score
0.001
Published
2013-01-04
CVE-2012-3538
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
CVSS Score
3.3
EPSS Score
0.002
Published
2013-01-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved