CVE-2016-7047

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

Published: 2018-09-11 13:29
Updated: 2018-11-16 14:41

CVSS Score: 4.0 / 10
Vendor Product Version URI
Redhat Cloudforms 4.2 cpe:/a:redhat:cloudforms:4.2
Redhat Cloudforms 4.5 cpe:/a:redhat:cloudforms:4.5
Redhat Cloudforms Management Engine 5.6 cpe:/a:redhat:cloudforms_management_engine:5.6
Redhat Cloudforms Management Engine 5.6.3 cpe:/a:redhat:cloudforms_management_engine:5.6.3
Redhat Cloudforms Management Engine 5.7 cpe:/a:redhat:cloudforms_management_engine:5.7
Redhat Cloudforms Management Engine 5.7.0 cpe:/a:redhat:cloudforms_management_engine:5.7.0
Redhat Cloudforms Management Engine 5.7.1 cpe:/a:redhat:cloudforms_management_engine:5.7.1
Redhat Cloudforms Management Engine 5.7.1.3 cpe:/a:redhat:cloudforms_management_engine:5.7.1.3
Redhat Cloudforms Management Engine 5.7.2 cpe:/a:redhat:cloudforms_management_engine:5.7.2
Redhat Cloudforms Management Engine 5.7.2.1 cpe:/a:redhat:cloudforms_management_engine:5.7.2.1
Redhat Cloudforms Management Engine 5.7.3 cpe:/a:redhat:cloudforms_management_engine:5.7.3
Redhat Cloudforms Management Engine 5.8 cpe:/a:redhat:cloudforms_management_engine:5.8
Redhat Cloudforms Management Engine 5.8.0 cpe:/a:redhat:cloudforms_management_engine:5.8.0
Redhat Cloudforms Management Engine 5.8.1 cpe:/a:redhat:cloudforms_management_engine:5.8.1

CWE

ID Name Description
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

History of changes

Date Event
2018-11-16 14:41
2018-09-12 10:29
2018-09-11 13:29 New CVE