CVE-2020-14324

CRITICAL Year: 2020
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-78
View all →

Vulnerability Description

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server.

Related Vulnerabilities

CVE-2015-8151

CRITICAL
CVSS:9.1(Critical)

Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.

CWE-782015

CVE-2016-1142

CRITICAL
CVSS:9.1(Critical)

Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

CWE-782016

CVE-2016-3028

CRITICAL
CVSS:9.1(Critical)

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by lever...

CWE-782016

CVE-2016-8721

CRITICAL
CVSS:9.1(Critical)

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can...

CWE-782016

CVE-2018-10730

CRITICAL
CVSS:9.1(Critical)

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

CWE-782018

CVE-2018-14860

CRITICAL
CVSS:9.1(Critical)

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sa...

CWE-782018