CVE-2016-7047

Опубликовано: 11 сент. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

Ссылки

http://www.securityfocus.com/bid/99329
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1601
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1758
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/99329
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1601
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1758
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:cloudforms:4.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*

Версия от 5.6 (включая) до 5.6.3.0 (исключая)

cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*

Версия от 5.7 (включая) до 5.7.3.1 (исключая)

cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*

Версия от 5.8 (включая) до 5.8.1.2 (исключая)

EPSS

Процентиль: 55%

0.00328

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2016-7047

CVSS3: 4.3

redhat

больше 8 лет назад

GHSA-2499-9m7g-hrw5

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 55%

0.00328

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200