Lucene search
Veracode Vulnerability DatabaseVERACODE:12205HistoryJan 15, 2019 - 9:14 a.m.
Privilege Escalation
2019-01-1509:14:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
49.4%
cfme is vulnerable to privilege escalation attacks. The vulnerability exists as it was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
References
rhn.redhat.com/errata/RHSA-2016-2091.html
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1385887
bugzilla.redhat.com/show_bug.cgi?id=1385898
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7071
rhn.redhat.com/errata/RHSA-2016-1996.html
rhn.redhat.com/errata/RHSA-2016-2091.html
Related
nessus
nessus
RHEL 7 : CFME 5.6.2.2 (RHSA-2016:2091)
2024-04-24 00:00:00
cvelist
cvelist
CVE-2016-7071
2018-09-10 15:00:00
nvd
nvd
CVE-2016-7071
2018-09-10 15:29:00
redhat
redhat
(RHSA-2016:2091) Important: CFME 5.6.2.2 security, and bug fix update
2016-10-20 14:07:18
cve
cve
CVE-2016-7071
2018-09-10 15:29:00
redhatcve
redhatcve
CVE-2016-7071
2016-10-20 17:17:59
prion
prion
Code injection
2018-09-10 15:29:00