Lucene search
PRIOn knowledge basePRION:CVE-2016-7071HistorySep 10, 2018 - 3:29 p.m.
Code injection
2018-09-1015:29:00
PRIOn knowledge base
www.prio-n.com
3
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cloudforms | eq | 4.1 | |
| cloudforms_management_engine | ge | 5.7.0.0 | |
| cloudforms_management_engine | lt | 5.7.0.7 | |
| cloudforms_management_engine | lt | 5.6.2.2 |
Related
nessus
nessus
RHEL 7 : CFME 5.6.2.2 (RHSA-2016:2091)
2024-04-24 00:00:00
cvelist
cvelist
CVE-2016-7071
2018-09-10 15:00:00
nvd
nvd
CVE-2016-7071
2018-09-10 15:29:00
veracode
veracode
Privilege Escalation
2019-01-15 09:14:00
redhat
redhat
(RHSA-2016:2091) Important: CFME 5.6.2.2 security, and bug fix update
2016-10-20 14:07:18
cve
cve
CVE-2016-7071
2018-09-10 15:29:00
redhatcve
redhatcve
CVE-2016-7071
2016-10-20 17:17:59