CVE-2017-2664

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Cloudforms
Vendor: CVE Published:; 26 July 2018

Summary

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

Affected Version(s)

CloudForms 5.7.3

CloudForms 5.8.1

References

https://access.redhat.com/errata/RHSA-2017:3484

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/100148

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2017:1758

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Dec 1, 2016

.