Lucene search

RedhatCVELIST:CVE-2017-7497

HistoryJul 27, 2018 - 3:00 p.m.

CVE-2017-7497

2018-07-2715:00:00

CWE-284

redhat

www.cve.org

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%

JSON

The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.

CNA Affected

[
  {
    "product": "CFME",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

access.redhat.com/errata/RHSA-2017:1601

access.redhat.com/errata/RHSA-2017:1758

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%

JSON

Related for CVELIST:CVE-2017-7497