API Vulnerability in CloudForms by Red Hat
CVE-2016-7047

4.3MEDIUM

Key Information:

Vendor
Red Hat
Status
Cfme
Vendor
CVE Published:
11 September 2018

Summary

A flaw in the CloudForms API could allow unauthorized users to access data from other tenants or groups within the system. This vulnerability primarily affects users with permissions to utilize the MiqReportResults capability before the specified versions. Due to this flaw, there is a risk of sensitive information being exposed, which could compromise the integrity of the data and the trust between different tenants using the CloudForms platform.

Affected Version(s)

cfme 5.8.1.2

cfme 5.7.3.1

cfme 5.6.3.0

References

https://access.redhat.com/errata/RHSA-2017:1601
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1758
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.