CVE-2016-7071

8.8HIGH

Key Information:

Vendor: Red Hat
Status: Cfme
Vendor: CVE Published:; 10 September 2018

Summary

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

Affected Version(s)

CFME 5.6.2.2

CFME 5.7.0.7

References

http://rhn.redhat.com/errata/RHSA-2016-2091.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7071

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2018
Vulnerability Reserved
Aug 23, 2016