{"id":"RHSA-2019:2587","summary":"Red Hat Security Advisory: CloudForms 4.7.9 security, bug fix and enhancement update","modified":"2026-04-02T10:01:02Z","published":"2024-09-16T02:50:33Z","upstream":["CVE-2018-10854","CVE-2019-11358"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2587"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/release_notes"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1590538"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677580"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1701972"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733376"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737123"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737618"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1738266"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1740227"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1740228"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1740229"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1740230"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1740767"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1740769"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1740844"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741634"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741635"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741944"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741945"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743266"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2587.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-10854"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-10854"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10854"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-11358"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-11358"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358"},{"type":"ARTICLE","url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"},{"type":"ARTICLE","url":"https://www.drupal.org/sa-core-2019-006"}],"affected":[{"package":{"name":"ansible-tower","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ansible-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.2-1.el7at"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ansible-tower-server","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ansible-tower-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.2-1.el7at"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ansible-tower-setup","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ansible-tower-setup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.2-1.el7at"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ansible-tower-ui","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ansible-tower-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.2-1.el7at"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ansible-tower-venv-ansible","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ansible-tower-venv-ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.2-1.el7at"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ansible-tower-venv-tower","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ansible-tower-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.2-1.el7at"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-amazon-smartstate","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-amazon-smartstate"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-appliance","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-appliance"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-appliance-common","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-appliance-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-appliance-debuginfo","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-appliance-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-appliance-tools","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-appliance-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-debuginfo","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-gemset","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-gemset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"cfme-gemset-debuginfo","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/cfme-gemset-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.10.9.1-1.el7cf"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ovirt-ansible-hosted-engine-setup","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ovirt-ansible-hosted-engine-setup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.23-1.el7ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ovirt-ansible-roles","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ovirt-ansible-roles"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.7-1.el7ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"ovirt-ansible-vm-infra","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/ovirt-ansible-vm-infra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.19-1.el7ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"v2v-conversion-host","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/v2v-conversion-host"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.14.2-1.el7ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"v2v-conversion-host-ansible","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/v2v-conversion-host-ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.14.2-1.el7ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}},{"package":{"name":"v2v-conversion-host-wrapper","ecosystem":"Red Hat:cloudforms_managementengine:5.10::el7","purl":"pkg:rpm/redhat/v2v-conversion-host-wrapper"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.14.2-1.el7ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:2587.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"}]}