Design/Logic Flaw

2019-06-1214:29:00

PRIOn knowledge base

www.prio-n.com

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

JSON

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.

CPENameOperatorVersion
cloudforms_management_enginege5.8
cloudforms_management_enginele5.10

CPE	Name	Operator	Version
	cloudforms_management_engine	ge	5.8
	cloudforms_management_engine	le	5.10

References

www.securityfocus.com/bid/108690

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123

hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/