What is CVE-2020-14296?

CVE-2020-14296 is a vulnerability in Red Hat CloudForms 4.7 and 5 that allows for Server-Side Request Forgery (SSRF) attacks.

How does CVE-2020-14296 work?

CVE-2020-14296 allows an attacker to scan and attack systems from the internal network which are not normally accessible by exploiting a Server-Side Request Forgery (SSRF) flaw through the addition of an Ansible Tower provider.

What is the severity of CVE-2020-14296?

The severity of CVE-2020-14296 is high, with a CVSSv3 severity score of 7.1.

How can I fix CVE-2020-14296?

To fix CVE-2020-14296, upgrade to Red Hat CloudForms version 5.11.7.0 or later.

Where can I find more information about CVE-2020-14296?

You can find more information about CVE-2020-14296 at the following references: [Red Hat Security Advisory RHSA-2020:3358](https://access.redhat.com/errata/RHSA-2020:3358), [Red Hat CVE-2020-14296](https://access.redhat.com/security/cve/cve-2020-14296), [Red Hat Bugzilla Bug 1847860](https://bugzilla.redhat.com/show_bug.cgi?id=1847860).

Vulnerability/
CVE-2020-14296

high

7.1

CWE

918

17/6/2020

11/8/2020

16/2/2021

CVE-2020-14296: SSRF

First published: Wed Jun 17 2020(Updated: )

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Redhat Cloudforms Management Engine	=4.7
Redhat Cloudforms Management Engine	=5.0
redhat/cfme	<5.11.7.0	5.11.7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-14296?
CVE-2020-14296 is a vulnerability in Red Hat CloudForms 4.7 and 5 that allows for Server-Side Request Forgery (SSRF) attacks.
How does CVE-2020-14296 work?
CVE-2020-14296 allows an attacker to scan and attack systems from the internal network which are not normally accessible by exploiting a Server-Side Request Forgery (SSRF) flaw through the addition of an Ansible Tower provider.
What is the severity of CVE-2020-14296?
The severity of CVE-2020-14296 is high, with a CVSSv3 severity score of 7.1.
How can I fix CVE-2020-14296?
To fix CVE-2020-14296, upgrade to Red Hat CloudForms version 5.11.7.0 or later.
Where can I find more information about CVE-2020-14296?
You can find more information about CVE-2020-14296 at the following references: [Red Hat Security Advisory RHSA-2020:3358](https://access.redhat.com/errata/RHSA-2020:3358), [Red Hat CVE-2020-14296](https://access.redhat.com/security/cve/cve-2020-14296), [Red Hat Bugzilla Bug 1847860](https://bugzilla.redhat.com/show_bug.cgi?id=1847860).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-14296
agent/software-canonical-lookup
vendor/redhat
canonical/redhat cloudforms management engine
version/redhat cloudforms management engine/4.7
version/redhat cloudforms management engine/5.0
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.