CVE-2020-14296
HIGHRed Hat CloudForms 4.7 and 5 - Server-Side Request Forgery via Ansible Tower Provider
Title source: llmDescription
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1847860
Vendor Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2020-14296
Scores
CVSS v3
7.1
EPSS
0.0015
EPSS Percentile
35.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Details
CWE
CWE-918
Status
published
Products (2)
redhat/cloudforms_management_engine
4.7
redhat/cloudforms_management_engine
5.0
Published
Aug 11, 2020
Tracked Since
Feb 18, 2026