Insufficient Tenant Isolation in CloudForms by Red Hat
CVE-2017-7497

4.1MEDIUM

Key Information:

Vendor

[unknown]

Status
Cfme
Vendor
CVE Published:
27 July 2018

What is CVE-2017-7497?

The CloudForms management platform has a vulnerability where the dialog for creating cloud volumes does not properly filter cloud tenants by user identity. This allows an attacker with permissions to create storage volumes to potentially produce volumes for other tenants, compromising the intended isolation within the multi-tenant environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CFME

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1601
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1758
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.