cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-10159,https://securityvulnerability.io/vulnerability/CVE-2019-10159,,"cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.",Red Hat,Cfme,4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2019-06-14T13:53:19.000Z,0
CVE-2016-7047,https://securityvulnerability.io/vulnerability/CVE-2016-7047,,"A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.",Red Hat,Cfme,4.3,MEDIUM,0.0014600000577047467,false,false,false,false,,false,false,2018-09-11T13:00:00.000Z,0
CVE-2016-7071,https://securityvulnerability.io/vulnerability/CVE-2016-7071,,"It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.",Red Hat,Cfme,8.8,HIGH,0.0012799999676644802,false,false,false,false,,false,false,2018-09-10T15:00:00.000Z,0
CVE-2017-2632,https://securityvulnerability.io/vulnerability/CVE-2017-2632,,A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.,Red Hat,Cfme,4.9,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2018-07-27T19:00:00.000Z,0
CVE-2017-7530,https://securityvulnerability.io/vulnerability/CVE-2017-7530,,"In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).",Red Hat,Cfme,8.8,HIGH,0.0016799999866634607,false,false,false,false,,false,false,2018-07-26T13:00:00.000Z,0