CRLF Injection Vulnerability in Red Hat CloudForms Management Engine
CVE-2017-7528
5.2 MEDIUM
Summary
The Ansible Tower component shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF injection through the X-Forwarded-For header. The flaw allows internal servers to initiate the deployment of unauthorized systems via callback mechanisms. Organizations using this software should mitigate promptly to protect their infrastructure from exploitation.
Affected Version(s)
Ansible Tower, as shipped with Red Hat CloudForms Management Engine 5
CVSS V3.1
Score: 5.2
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved