API Vulnerability in CloudForms by Red Hat
CVE-2016-7047
4.3MEDIUM
Summary
A flaw in the CloudForms API could allow unauthorized users to access data from other tenants or groups within the system. This vulnerability primarily affects users with permissions to utilize the MiqReportResults capability before the specified versions. Due to this flaw, there is a risk of sensitive information being exposed, which could compromise the integrity of the data and the trust between different tenants using the CloudForms platform.
Affected Version(s)
cfme 5.8.1.2
cfme 5.7.3.1
cfme 5.6.3.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved