
cpe:2.3:a:n/a:cloudforms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Cloudforms (952d1bf6-ebdf-5c88-89b1-b66280c4d27d)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2020-25716 | vulnerable | 2026-06-08 05:23:49.144379 | Details available
A flaw was found in Cloudforms. A role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to the system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected.
Published: 2021-06-07T20:27:15.000Z
Updated: 2024-08-04T15:40:36.658Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14369 | vulnerable | 2026-06-08 05:19:23.144742 | Details available
This release fixes a Cross Site Request Forgery vulnerability that was found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forged HTTP request to the server by crafting a custom flash file, which can force the user to perform state-changing requests like provisioning VMs, running Ansible playbooks and so forth.
Published: 2020-12-02T14:28:04.000Z
Updated: 2024-08-04T12:46:33.285Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14325 | vulnerable | 2026-06-08 05:19:22.981223 | Details available
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw, which allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.
Published: 2020-08-11T12:49:44.000Z
Updated: 2024-08-04T12:39:36.480Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14324 | vulnerable | 2026-06-08 05:19:22.979346 | Details available
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker to execute arbitrary commands on the CloudForms server.
Published: 2020-08-11T13:19:47.000Z
Updated: 2024-08-04T12:39:36.479Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14296 | vulnerable | 2026-06-08 05:19:22.850078 | Details available
Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems on the internal network which are not normally accessible.
Published: 2020-08-11T13:14:57.000Z
Updated: 2024-08-04T12:39:36.243Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10783 | vulnerable | 2026-06-08 05:16:35.888579 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10780 | vulnerable | 2026-06-08 05:16:35.879718 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10779 | vulnerable | 2026-06-08 05:16:35.879371 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10778 | vulnerable | 2026-06-08 05:16:35.879004 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10777 | vulnerable | 2026-06-08 05:16:35.872257 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data
