Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

CFME

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2014-0197
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.11%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 12:48
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CFME: CSRF protection vulnerability via permissive check of the referrer header

Action-Not Available
Vendor-CFMERed Hat, Inc.
Product-cloudforms_management_enginecloudformsCFME
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-7071
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.66%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 15:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

Action-Not Available
Vendor-Red Hat, Inc.
Product-cloudforms_management_enginecloudformsCFME
CWE ID-CWE-285
Improper Authorization
CVE-2017-7497
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.12% / 31.70%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-cloudforms_management_engineCFME
CWE ID-CWE-284
Improper Access Control