Flaw in VMware CloudForms Account Configuration Allows Unauthorized Access
CVE-2017-12191

7.4HIGH

Key Information:

Vendor
Red Hat
Vendor
CVE Published:
28 February 2018

Summary

A security issue exists in VMware CloudForms due to improper account configuration, leading to the use of a shared account with privileged access to VMware Remote Console (VMRC) functions. This flaw may allow unauthorized users to access and modify settings within the VMRC and associated virtual machines, potentially compromising their security.

Affected Version(s)

CloudForms Through 5.9

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.