cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-10159,https://securityvulnerability.io/vulnerability/CVE-2019-10159,Data Leak Vulnerability in CFME Gemset by Red Hat,"CFME Gemset versions up to 5.10.4.3 and 5.9.9.3 may be susceptible to data exposure due to insufficient authorization in the migration log controller. This allows unprivileged users with access to the system to retrieve sensitive VM migration logs, potentially compromising the security of virtual machine data. Organizations using these versions should implement necessary patches to ensure data integrity and confidentiality.",Red Hat,Cfme,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-06-14T13:53:19.000Z,0
CVE-2016-7047,https://securityvulnerability.io/vulnerability/CVE-2016-7047,,"A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.",Red Hat,Cfme,4.3,MEDIUM,0.0014600000577047467,false,,false,false,false,,,false,false,,2018-09-11T13:00:00.000Z,0
CVE-2016-7071,https://securityvulnerability.io/vulnerability/CVE-2016-7071,,"It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.",Red Hat,Cfme,8.8,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2018-09-10T15:00:00.000Z,0
CVE-2017-2632,https://securityvulnerability.io/vulnerability/CVE-2017-2632,,A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.,Red Hat,Cfme,4.9,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2018-07-27T19:00:00.000Z,0
CVE-2017-7530,https://securityvulnerability.io/vulnerability/CVE-2017-7530,,"In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).",Red Hat,Cfme,8.8,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2018-07-26T13:00:00.000Z,0