CVE-2016-7071

It was found that CloudForms before 5.6.2.2 and 5.7.0.7 did not properly apply permission controls to VM IDs passed by users. A remote, authenticated attacker who knows the ID of a VM could use this flaw to execute arbitrary VMs on systems managed by CloudForms.

Published : 2018-09-10 15:29 Updated : 2018-11-16 20:40

CVSS Score: 9.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Redhat | Cloudforms | 4.1 | cpe:/a:redhat:cloudforms:4.1 |
| Redhat | Cloudforms Management Engine | - | cpe:/a:redhat:cloudforms_management_engine:- |
| Redhat | Cloudforms Management Engine | 4.1 | cpe:/a:redhat:cloudforms_management_engine:4.1 |
| Redhat | Cloudforms Management Engine | 5.1 | cpe:/a:redhat:cloudforms_management_engine:5.1 |
| Redhat | Cloudforms Management Engine | 5.4.4 | cpe:/a:redhat:cloudforms_management_engine:5.4.4 |
| Redhat | Cloudforms Management Engine | 5.5.0 | cpe:/a:redhat:cloudforms_management_engine:5.5.0 |
| Redhat | Cloudforms Management Engine | 5.6 | cpe:/a:redhat:cloudforms_management_engine:5.6 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-285 | Improper Authorization | The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |

History of changes

| Date | Event |
|---|---|
| 2018-11-16 20:40 | |
| 2018-09-11 10:29 | |
| 2018-09-10 15:29 | New CVE |