GCVE - cpe:2.3:a:redhat:cloudforms:4.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:redhat:cloudforms:4.1:*:*:*:*:*:*:*

part: a version: 4.1 update: *

Vendor	Redhat (`e942785a-ca89-506e-bd99-50782639cde3`)
Product	Cloudforms (`c3c620d3-52ec-5d23-8313-5fca10d999cb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/ramrexx/cloudforms_essentials`	purl2cpe	2026-06-01 10:12:57.209150

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-7071`	vulnerable	2026-06-03 14:36:06.808299	Details available HIGH (8.8) It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. Published: 2018-09-10T15:00:00.000Z Updated: 2024-08-06T01:50:47.480Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2016-2091.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7071	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5402`	vulnerable	2026-06-03 14:35:55.081699	Details available HIGH (8.8) A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. Published: 2018-10-31T13:00:00.000Z Updated: 2024-08-06T01:00:59.994Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402 http://www.securityfocus.com/bid/94612 http://rhn.redhat.com/errata/RHSA-2016-2839.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5383`	vulnerable	2026-06-03 14:35:55.029665	Details available The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." Published: 2016-08-26T14:00:00.000Z Updated: 2024-08-06T01:01:00.073Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92585 http://rhn.redhat.com/errata/RHSA-2016-1634.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.