Insufficient Tenant Isolation in CloudForms by Red Hat
CVE-2017-7497

4.1MEDIUM

Key Information:

Vendor: [unknown]
Status: Cfme
Vendor: CVE Published:; 27 July 2018

🔔 Create [unknown] Vulnerability Alert

What is CVE-2017-7497?

The CloudForms management platform has a vulnerability where the dialog for creating cloud volumes does not properly filter cloud tenants by user identity. This allows an attacker with permissions to create storage volumes to potentially produce volumes for other tenants, compromising the intended isolation within the multi-tenant environment.

Affected Version(s)

CFME

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2017:1601

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:1758

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Apr 5, 2017

CVE-2017-7497 Data

.